mschuster91 1 day ago | on: Upcoming breaking changes for npm v12
An idea might be to not just pin "package xyz allowed", but "package xyz postinstall allowed with hash <1234>".
jffry 1 day ago
The default behavior for the automated "add everything existing to the allowlist" is to include the specific version:
https://docs.npmjs.com/cli/v11/using-npm/config#allow-script...
Together with a lockfile that does achieve "package xyz postinstall allowed with hash <1234>"
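
The combination discussed in this thread, sketched as an added example (not code from either commenter or from npm): a version-pinned script allowlist is joined against the lockfile to show which integrity hash each allowed install script is effectively bound to. The `name@version` allowlist entry format, the function name and all lockfile contents are assumptions constructed for illustration; `hasInstallScript` and `integrity` are the package-lock.json fields being read.

```javascript
// Constructed package-lock.json fragment (lockfileVersion 3); hashes are placeholders.
const lockfile = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/xyz": {
      version: "1.2.3", integrity: "sha512-CONSTRUCTEDxyz==", hasInstallScript: true,
    },
    "node_modules/abc": {
      version: "2.0.0", integrity: "sha512-CONSTRUCTEDabc==", hasInstallScript: true,
    },
    // Git-sourced entries carry no integrity hash, so a version pin alone binds nothing.
    "node_modules/nohash": {
      version: "0.1.0", resolved: "git+ssh://git@example.invalid/nohash.git#0123abc",
      hasInstallScript: true,
    },
    "node_modules/plain": { version: "3.1.4", integrity: "sha512-CONSTRUCTEDplain==" },
  },
};

// Hypothetical helper: classify every package that ships an install script.
//   pinned   - allowlisted at this exact version AND the lockfile fixes its hash
//   unpinned - allowlisted, but the lockfile has no integrity value for it
//   blocked  - has an install script but is not allowlisted at this version
function auditInstallScripts(lock, allowlist) {
  const allowed = new Set(allowlist);
  const report = { pinned: [], unpinned: [], blocked: [] };
  const marker = "node_modules/";
  for (const [path, pkg] of Object.entries(lock.packages || {})) {
    if (!pkg.hasInstallScript) continue;
    // Nested installs look like node_modules/a/node_modules/b; keep the last segment.
    const i = path.lastIndexOf(marker);
    const name = pkg.name || (i >= 0 ? path.slice(i + marker.length) : path);
    const id = `${name}@${pkg.version}`;
    if (!allowed.has(id)) report.blocked.push(id);
    else if (pkg.integrity) report.pinned.push({ id, integrity: pkg.integrity });
    else report.unpinned.push(id);
  }
  return report;
}

console.log(auditInstallScripts(lockfile, ["xyz@1.2.3", "nohash@0.1.0"]));
```

The `unpinned` bucket is the case to review by hand: the allowlist entry matches, but nothing in the lockfile ties the script to specific content.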