Run the commands and ignore all of the outputs
Nothing could go wrong :)
Installed 4239 packages 8000 severe vulnerabilities 200 packages looking for funding
But how else will I figure out if a value is true?
I bet there’s an online service for that
Oh right, I can avoid the full isTrue library implementation with its 8000 dependencies, and instead install the isTrue client, which uses the isTrue cloud service and its REST APIs. Soon it will be AI powered. Then I’ll really be able to tell for sure if my variable value is actually true or not.
Look, can I ask a favor? Can you take that, package it, and put it on npm so I can use it in my project?
You just call GPT and ask if it’s true. Get with the times!
always close your toilet lid before npm installing!
Forgot to make a salt circle to contain the evil.
Jayden animations?
I only do npm install in a docker container where the project and npm cache is mounted. Gives me a bit of security regarding attacks through post install scripts. (
--no-scriptsis not an option since I need some of them)When do people ever do npm install if you don’t trust the project or know what install scripts will run? I’m a web developer of 10 years and I’ve never run npm install to install a piece of software. The only time I ever run npm is when I’m doing development for work.
Usually in the “lets see how this random project I cloned from GitHub works for my use case” scenario. I want to see how it works and if it would cover my use case before spending time on checking code and dependencies for security issues.
So it doesn’t have any other means of installing I take it.
Usually I take that as a red flag, that it isn’t popular or mature enough. But to each their own.
