by homebrewer
9 days ago
Your own link says that a proper package manager (e.g. pnpm) supports this out of the box. If there are other use cases that really need post-install scripts, you can whitelist just those in pnpm. In projects I'm working with, there are often zero post-install scripts that must be enabled for everything to work properly, and it's usually from poorly cobbled packages that use them to download prebuilt binaries (well-written packages, like biome or tsgo, use per-architecture subpackages). You enable just one or two of those, and block everything else.
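
An added example, not part of the comment above: a small audit that shows which dependencies declare install-time lifecycle hooks and how an allowlist splits them into "run" and "blocked", which is the review you would do before filling in pnpm's `onlyBuiltDependencies`. The package names, manifests and allowlist are constructed for illustration.

```javascript
// Added example: all package names and manifests below are constructed.
// Lifecycle hooks a package manager runs when a dependency is installed.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// Return the install-time hooks that a package.json manifest declares.
function installHooks(manifest) {
  const scripts = manifest.scripts || {};
  return INSTALL_HOOKS.filter(
    (hook) => typeof scripts[hook] === "string" && scripts[hook].trim() !== ""
  );
}

// Split dependencies into those allowed to run hooks and those blocked,
// and report allowlist entries that match no package with hooks (stale).
function auditInstallScripts(manifests, allowlist) {
  const allowed = new Set(allowlist);
  const withHooks = new Set();
  const report = { run: [], blocked: [], noScripts: [], staleAllowlist: [] };
  for (const m of manifests) {
    const hooks = installHooks(m);
    if (hooks.length === 0) {
      report.noScripts.push(m.name);
      continue;
    }
    withHooks.add(m.name);
    const entry = { name: m.name, version: m.version, hooks };
    (allowed.has(m.name) ? report.run : report.blocked).push(entry);
  }
  report.staleAllowlist = allowlist.filter((name) => !withHooks.has(name));
  return report;
}

// Constructed sample input: parsed package.json contents of four dependencies.
const SAMPLE_MANIFESTS = [
  { name: "example-native-codec", version: "2.1.0",
    scripts: { install: "node-gyp rebuild" } },
  { name: "example-binary-fetcher", version: "0.4.2",
    scripts: { postinstall: "node download.js", test: "node test.js" } },
  { name: "example-pure-js", version: "1.0.0",
    scripts: { test: "node test.js", build: "tsc" } },
  { name: "example-no-scripts", version: "3.0.0" },
];
// Constructed allowlist; the second entry no longer matches any dependency.
const SAMPLE_ALLOWLIST = ["example-native-codec", "example-removed-dep"];

const sampleReport = auditInstallScripts(SAMPLE_MANIFESTS, SAMPLE_ALLOWLIST);
console.log(JSON.stringify(sampleReport, null, 2));
```

Stale allowlist entries are worth pruning, since a name left on the list would be trusted again if a package by that name ever returned to the dependency tree.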