Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
whyever
on July 7, 2025
|
parent
|
context
|
favorite
| on:
Deno 2.4
All the attacks you described also apply to downloading and executing a file. I don't think `curl | sh` is worse in this regard.
bflesch
on July 7, 2025
|
next
[–]
With a downloaded file your antivirus will run automated checks on it, you can calculate a hash signature and compare the value with others who also download the file, and you will notice if the file changes after you execute it.
davedx
on July 7, 2025
|
prev
[–]
If you download it first, you can at least eyeball what's been downloaded to check it doesn't start by installing a bitcoin miner
geysersam
on July 7, 2025
|
parent
[–]
How often do people do that when they install a package from npm, pypi, or
other package repository
? In practice never.
Consider applying for YC's Fall 2026 batch!
Applications
are open till July 27.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search: