At least now there is a blog post that you can link to and say "Sorry, but I don't run npm install locally because of the risk of phishing attacks."
At least now there is a blog post that you can link to and say "Sorry, but I don't run npm install locally because of the risk of phishing attacks."