The article suggests this: > >As a user who owns modules you should not stay log... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		ktRolster on March 26, 2016 \| parent \| context \| favorite \| on: Vulnerability #319816 – npm fails to restrict the ... The article suggests this: `> >As a user who owns modules you should not stay logged into npm. (Easily enough, npm logout and npmlogin) >Use npm shrinkwrap to lock down your dependencies >Use npminstall someModule --ignore-scripts >` I would add to toss a glance at the libraries you import every once in a while. Just to make sure they look sane.

u223344 on March 26, 2016 [–]

--ignore-scripts won't help much. The act of using any npm module means you implicitly trust all the javascript code in the module and any of its dependencies. Has anyone taken the time to inspect every line of the dozens of modules that many common packages pull in? Not likely.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact