
I have an friend that starts an project next month that will rely on npm. He is quite a noob and didn't code in ages. He will have almost no clue how to harden against this, he will probably not even notice if he becomes a victim until something really bad happens.

Pretty sad.



At least make them run pnpm instead of npm, disabling post-install scripts. https://pnpm.io/supply-chain-security


"a friend" because friend starts with a consonant sound, not a vowel sound. "a project" for the same reason.

HTH.


Like an egregious comment?



