Comment by blktiger 4 days ago Both NPM and Yarn have a way to disable install scripts which everyone should do if at all possible. 1 comment blktiger Reply twistedpair 4 days ago Good point, but until many popular packages stop requiring install.sh to operate, you'll still need to allowlist some of them. That is built into the PNPM tooling, luckily :)
twistedpair 4 days ago Good point, but until many popular packages stop requiring install.sh to operate, you'll still need to allowlist some of them. That is built into the PNPM tooling, luckily :)
Good point, but until many popular packages stop requiring install.sh to operate, you'll still need to allowlist some of them. That is built into the PNPM tooling, luckily :)