Hacker News
homebrewer 23 days ago | on: Anthropic acquires Bun
pnpm does all that on top of node. Also disables postinstall scripts by default, making the recent security incidents we've seen a non-issue.
junon 23 days ago
As the victim of the larger pre-Shai-Hulud attack, unfortunately the install script validation wouldn't have protected you. Also, if you already have an infected package on the whitelist, a new infection in the install script will still affect you.
antihero 23 days ago
I’m not sure why but bun still feels snappier.
B56b 23 days ago
This is why:
https://bun.com/blog/behind-the-scenes-of-bun-install
babyshake 23 days ago
Aside from speed, what would the major selling points be on migrating from pnpm to bun?
daheza 23 days ago
Are there any popular packages that require postinstall scripts that this hurts?
replete 23 days ago
A whitelist in package.json is only a partial assist