Hacker News
m3kw9 19 days ago | on: Shai-Hulud malware attack: Tinycolor and over 40 N...
Is using any type of NPM-type stuff a no-go? Who reads the code and verifies it is secure?
theruss 19 days ago
Other than the maintainer (which isn't of course guaranteed), no one, other than it being incumbent on userland deployment, and those deploying a lib into a project, to review the code.