Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
halflife
7 months ago
|
parent
|
context
|
favorite
| on:
Shai-Hulud Returns: Over 300 NPM Packages Infected
That’s cool, now I wish all libraries that need binaries would opt to use that instead of post script
zahlman
7 months ago
[–]
Do keep in mind that the binaries are still binaries. Even if your installation process doesn't run any untrusted code from the package, you can't audit the binaries like you might the .js files prior to first run.
Consider applying for YC's Fall 2026 batch!
Applications
are open till July 27.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search: