Hacker News
seniorsassycat | 27 days ago | on: Shai-Hulud compromised a dev machine and raided Gi...
I tend to agree but think npm's post-install hook is a degree worse. Triggering during install, silently because npm didn't like someone using the feature to ask for donations, is worse than requiring you to load and run the package code.
staticassertion | 27 days ago
Which package managers don't contain an equivalent feature for running code as part of the install process?