undefined | Better HN

0 pointsblktiger4mo ago0 comments

Both NPM and Yarn have a way to disable install scripts which everyone should do if at all possible.

0 comments

Good point, but until many popular packages stop requiring install.sh to operate, you'll still need to allowlist some of them. That is built into the PNPM tooling, luckily :)

j / k navigate · click thread line to collapse

0 pointsblktiger4mo ago0 comments

Both NPM and Yarn have a way to disable install scripts which everyone should do if at all possible.

0 comments

twistedpair4mo ago

Good point, but until many popular packages stop requiring install.sh to operate, you'll still need to allowlist some of them. That is built into the PNPM tooling, luckily :)

j / k navigate · click thread line to collapse