Hacker News
by
philipwhiuk
1 day ago
The entire use-case of that package is a security nightmare.
1 comments
gear54rus
1 day ago
Then don't use it. Just don't presume to tell me if I can or can't.
dgellow
1 day ago
Given that has an impact over the whole industry, I will for sure tell you that patching on install SHOULD NOT be a thing. Up to you to run your own post install script yourself.
port11
1 day ago
You’re free to allow scripts as per the linked docs for NPM 12. But the vast majority of us will appreciate the reduced attack surface.
jeremyjh
1 day ago
TFA explains how this works, and how to opt out.