This command allows you to run an arbitrary command from an npm package (either one installed locally, or fetched remotely), in a similar context as running it via npm run.
Yes I agree! OSS package management ecosystems are a great idea, but allowing submissions without any review or vetting is just asking for supply chain attacks.
npx
Run a command from a local or remote npm package
Description
This command allows you to run an arbitrary command from an npm package (either one installed locally, or fetched remotely), in a similar context as running it via npm run.
Yeah, this seems like a very smart but inherently flawed idea.
Yes I agree! OSS package management ecosystems are a great idea, but allowing submissions without any review or vetting is just asking for supply chain attacks.
May as well just release an executable tbh.