What would it break? It can't do anything that NPM malware wouldn't also do and that's a risk I've already accounted for.
At best someone extracts 0-59 minutes of a session key for my aws credentials for one development account, boring, whatever source code is currently on the machine, also boring,
There's more risk that vetting someone on Upwork goes wrong and they burn me than Claude does.
Am I blind to the actual risk here? how many of you execute unverified code from libraries without a sandbox?
Meh. When someone proudly announces to the world they are deliberately doing unsafe things as if they are untouchable, then it is only fair to be mocked when they are finally touched.
You should not have mercy on someone who repeatedly ignores all warnings without thinking and then hurts themselves in the way the warnings promised. At that point you are on your very own.
What would it break? It can't do anything that NPM malware wouldn't also do and that's a risk I've already accounted for.
At best someone extracts 0-59 minutes of a session key for my aws credentials for one development account, boring, whatever source code is currently on the machine, also boring,
There's more risk that vetting someone on Upwork goes wrong and they burn me than Claude does.
Am I blind to the actual risk here? how many of you execute unverified code from libraries without a sandbox?
In that case, you’re not a very nice person.
Meh. When someone proudly announces to the world they are deliberately doing unsafe things as if they are untouchable, then it is only fair to be mocked when they are finally touched.
In some cases "victim blaming" is just fine.
Like if someone purposefully runs at a brick wall, it's just fine to go <nelson>HA-HA</nelson> at them. Did they expect a different result than pain?
You should not have mercy on someone who repeatedly ignores all warnings without thinking and then hurts themselves in the way the warnings promised. At that point you are on your very own.