by ashishb
2 days ago
> The ability for npm to run scripts on any level should be removed. Even Python has that ability now.

Also, `npm run dev` is running the script with full disk access. Heck, VS Code/Cursor will auto-execute code if you open a project. And this has been actively used in the wild: https://ashishb.net/security/contagious-interview/