Y
Hacker News
new
|
ask
|
show
|
jobs
by
jdiff
14 days ago
Most package managers with postinstall scripts are also heavily curated and have reputation systems. As you say, they run as root, so the high trust requirement is definitely warranted. Anyone can upload an npm package.