Comment by general_reveal 2 hours ago That’s why I switched to Java. 9 comments general_reveal Reply Rp8yXmdmr 2 hours ago You are absolutely right. The dangerous part of NPM packages is the post-install script. Therefore moving from JavaScript to Java removes the threat. grezql 2 hours ago [dead] keyle 2 hours ago AbstractFinalFactoryShaiHuludSerialisedFactory exabrial 1 hour ago https://dayssincelastjavascriptframework.com general_reveal 2 hours ago Yeah but you don’t have to use that I think. I think us Node people can just pretend to write Ecmascript 2 in Java and be fine. UqWBcuFx6NV4r 2 hours ago …. lol mschuster91 1 hour ago Meh maven plugins are just as juicy a target as npm is exabrial 1 hour ago https://github.com/s4u/pgpverify-maven-pluginIf you want paranoid mode, you can verify literally every part of the maven build process. general_reveal 1 hour ago What do u recommend?
Rp8yXmdmr 2 hours ago You are absolutely right. The dangerous part of NPM packages is the post-install script. Therefore moving from JavaScript to Java removes the threat. grezql 2 hours ago [dead]
keyle 2 hours ago AbstractFinalFactoryShaiHuludSerialisedFactory exabrial 1 hour ago https://dayssincelastjavascriptframework.com general_reveal 2 hours ago Yeah but you don’t have to use that I think. I think us Node people can just pretend to write Ecmascript 2 in Java and be fine.
general_reveal 2 hours ago Yeah but you don’t have to use that I think. I think us Node people can just pretend to write Ecmascript 2 in Java and be fine.
mschuster91 1 hour ago Meh maven plugins are just as juicy a target as npm is exabrial 1 hour ago https://github.com/s4u/pgpverify-maven-pluginIf you want paranoid mode, you can verify literally every part of the maven build process. general_reveal 1 hour ago What do u recommend?
exabrial 1 hour ago https://github.com/s4u/pgpverify-maven-pluginIf you want paranoid mode, you can verify literally every part of the maven build process.
You are absolutely right. The dangerous part of NPM packages is the post-install script. Therefore moving from JavaScript to Java removes the threat.
[dead]
https://dayssincelastjavascriptframework.com
Yeah but you don’t have to use that I think. I think us Node people can just pretend to write Ecmascript 2 in Java and be fine.
…. lol
Meh maven plugins are just as juicy a target as npm is
https://github.com/s4u/pgpverify-maven-plugin
If you want paranoid mode, you can verify literally every part of the maven build process.
What do u recommend?