Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
_3u10
34 days ago
|
parent
|
context
|
favorite
| on:
Dependency cooldowns turn you into a free-rider
I’ve never seen code that is downloaded run itself. Why not be the change you want to see in the world and run sudo or spawn your browser in a jail. Or download as another user.
endymi0n
34 days ago
[–]
Welcome to npm post-install scripts...
https://docs.npmjs.com/cli/v11/using-npm/scripts
okanat
34 days ago
|
parent
|
next
[–]
And Rust build scripts:
https://doc.rust-lang.org/cargo/reference/build-scripts.html
johnny22
34 days ago
|
parent
|
prev
[–]
glad pnpm disables those by default!
skeeter2020
33 days ago
|
root
|
parent
[–]
PSA: if you're using (a newish release of) npm you should have something like this as a default, unless you've got good reasons not to:
min-release-age=7 # days
ignore-scripts=true
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
