|
|
|
|
|
|
by munificent
4159 days ago
|
|
|
> This applies to pretty much every pkg manager ever created. For what it's worth, the package manager for Dart does not have this problem. We specifically didn't add support for any kind of post-install hook because executing arbitrary code from transitive dependencies feels a little fishy to me, and I'm not at all a security person. Unfortunately, there's lot of good uses for post-install hooks too. It's a hard problem. |
|
|