That’s cool, now I wish all libraries that need binaries would opt to use that i... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		halflife 36 days ago \| parent \| context \| favorite \| on: Shai-Hulud Returns: Over 300 NPM Packages Infected That’s cool, now I wish all libraries that need binaries would opt to use that instead of post script

zahlman 36 days ago [–]

Do keep in mind that the binaries are still binaries. Even if your installation process doesn't run any untrusted code from the package, you can't audit the binaries like you might the .js files prior to first run.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact