by tmpz22, 10 days ago
> anything where code executes
ALL the agentic orchestrators like codex, claude-code, etc. seem to do this by default.
2 comments
ffemac, 10 days ago
Exactly. Popular AI coding harnesses (OpenCode/KiloCode) download random npm packages in the background without you knowing. What's worse is the devs don't care.
sureshpaulchamy, 9 days ago
With coding agents, npm install can become a side effect of "make the tests pass." That feels like a very different risk model.