Hacker News .hn
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
twistedpair
4 months ago
|
parent
|
context
|
favorite
| on:
Shai-Hulud Returns: Over 300 NPM Packages Infected
Good point, but until many popular packages stop requiring install.sh to operate, you'll still need to allowlist some of them. That is built into the PNPM tooling, luckily :)
Consider applying for YC's Summer 2026 batch! Applications are open till May 4
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
