Comment by dachris
4 days ago
You'd be surprised how many people run 'npm i' in their CI. I've seen this on multiple occasions.
'npm ci' is some mitigation, but doesn't protect against getting hit when running 'npm i(nstall)' during development.
4 days ago
You'd be surprised how many people run 'npm i' in their CI. I've seen this on multiple occasions.
'npm ci' is some mitigation, but doesn't protect against getting hit when running 'npm i(nstall)' during development.
Update your knowledge. ”npm install” hasn’t done auto-upgrades for years now.