oh, you care about open source security? please run npm install -g on this completely opaque tool with 500 dependencies. don’t worry, we automerge every single dependency bump on our side for Maximum Security.
@yossarian tired: cooldowns, wired: npx
@andrewnez it might actually be good if tools required you to set `JUST_FUCK_MY_SHIT_UP=1` before running the “execute arbitrary code directly from the Internet with no guardrails” command
@yossarian one simple trick, security folks hate this