
Pretty sure that every time (or almost every time) I run `npm install` in a repo downloaded from GitHub, NPM complains about several security problems in the dependencies. Kinda feels like an unending ‘cry wolf’ situation.


Exactly the same analogy Dan Abramov used in his blog: https://overreacted.io/npm-audit-broken-by-design/



