Hacker News
by CGamesPlay 13 days ago
It's unstated, but I'm willing to assume that only the root package.json is consulted to decide if these scripts are allowed. Otherwise, yes, this would not actually change anything.
1 comments

Thanks for the sanity check!

Had a quick read on my mobile, and that was my first impression.

Guess it's more of a way to make the maintainers accountable instead of making npm reputation the main focus.