Is there any reason to keep using postinstall scripts allowed instead of asking ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		mrklol 18 days ago \| parent \| context \| favorite \| on: GitLab discovers widespread NPM supply chain attac... Is there any reason to keep using postinstall scripts allowed instead of asking e.g. the user? Are they even needed in most cases?

Cthulhu_ 18 days ago [–]

If you ask the user "should I run this script" after installing, they will just hit yes every time. But also, a lot (I'm confident it's "most") of NPM install operations are done on a CI server, which need to run without human interaction.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact