That’s why I switched to Java.
You are absolutely right. The dangerous part of NPM packages is the post-install script. Therefore moving from JavaScript to Java removes the threat.
AbstractFinalFactoryShaiHuludSerialisedFactory
https://dayssincelastjavascriptframework.com
Yeah, but you don't have to use that, I think. I think we Node people can just pretend to write ECMAScript 2 in Java and be fine.
…. lol
Meh, Maven plugins are just as juicy a target as npm is.
https://github.com/s4u/pgpverify-maven-plugin
If you want paranoid mode, you can verify literally every part of the Maven build process.
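As an added example (not from the thread and not the plugin's own documentation), this is roughly what "paranoid mode" looks like in a pom.xml: the linked pgpverify-maven-plugin's `check` goal bound to every build, with a keys map that pins each dependency and plugin to an expected PGP key fingerprint, so an artifact signed by an unexpected key, or not signed at all, fails the build instead of running. The plugin coordinates and the `check` goal come from the linked project; the parameter names `keysMapLocation`, `verifyPlugins` and `failNoSignature` are the ones I recall from its documentation and should be confirmed against the README for the version you use; the version number and the fingerprints are placeholders.

```xml
<build>
  <plugins>
    <plugin>
      <groupId>org.simplify4u.plugins</groupId>
      <artifactId>pgpverify-maven-plugin</artifactId>
      <!-- placeholder: pin a real release, and verify the plugin itself out of band the first time -->
      <version>X.Y.Z</version>
      <executions>
        <execution>
          <!-- run signature verification on every build, not only on demand -->
          <goals>
            <goal>check</goal>
          </goals>
        </execution>
      </executions>
      <configuration>
        <!-- assumed parameter names: confirm against the plugin README -->
        <!-- also verify the build plugins, since they execute code during the build, like npm install scripts -->
        <verifyPlugins>true</verifyPlugins>
        <!-- an unsigned artifact is a failure, not a warning -->
        <failNoSignature>true</failNoSignature>
        <!-- file pinning artifact coordinates to expected key fingerprints, kept in version control -->
        <keysMapLocation>${project.basedir}/pgp-keys-map.list</keysMapLocation>
      </configuration>
    </plugin>
  </plugins>
</build>

<!--
  Contents of pgp-keys-map.list (constructed; the fingerprints are placeholders):
    org.example:some-library = 0x0123456789ABCDEF0123456789ABCDEF01234567
    org.example:some-maven-plugin = 0x89ABCDEF0123456789ABCDEF0123456789ABCDEF
  A signature from any other key, or a missing signature, fails the build.
-->
```

The point of the keys map is that the fingerprint is pinned in your repository, so a package that is re-signed by a compromised or newly added key is rejected even though the signature itself is valid; without the map, signature checking only proves that someone signed the artifact.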
What do you recommend?