Comment by _3u10
9 days ago
I’ve never seen code that is downloaded run itself. Why not be the change you want to see in the world and run sudo or spawn your browser in a jail. Or download as another user.
9 days ago
I’ve never seen code that is downloaded run itself. Why not be the change you want to see in the world and run sudo or spawn your browser in a jail. Or download as another user.
Welcome to npm post-install scripts... https://docs.npmjs.com/cli/v11/using-npm/scripts
And Rust build scripts: https://doc.rust-lang.org/cargo/reference/build-scripts.html
glad pnpm disables those by default!
PSA: if you're using (a newish release of) npm you should have something like this as a default, unless you've got good reasons not to:
min-release-age=7 # days
ignore-scripts=true