Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

If you're distributing something that uses this package, it's not just your dev computer at risk, it's all the users.


I'm aware thanks, but if your company is doing the standard practice of using 10k dependencies for some JS webslop you don't really have any other options but to protect yourself.




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: