Skip to content
Better HN
Top
Best
Ask
Show
New
Jobs
Search
⌘K
0 points
blktiger
7mo ago
0 comments
Save
Share
Both NPM and Yarn have a way to disable install scripts which everyone should do if at all possible.
0 comments
1 comments · 1 top-level
top
newest
oldest
twistedpair
7mo ago
Good point, but until many popular packages stop requiring install.sh to operate, you'll still need to allowlist some of them. That is built into the PNPM tooling, luckily :)
j
/
k
navigate · click thread line to collapse
