this post was submitted on 09 Nov 2025
341 points (98.9% liked)
Programmer Humor
I only do npm install in a docker container where the project and npm cache are mounted. Gives me a bit of security regarding attacks through post install scripts. (--no-scripts is not an option since I need some of them)
When do people ever do npm install if you don't trust the project or know what install scripts will run? I'm a web developer of 10 years and I've never run npm install to install a piece of software. The only time I ever run npm is when I'm doing development for work.
Usually in the "let's see how this random project I cloned from GitHub works for my use case" scenario. I want to see how it works and if it would cover my use case before spending time on checking code and dependencies for security issues.
So it doesn't have any other means of installing I take it.
Usually I take that as a red flag, that it isn't popular or mature enough. But to each their own.
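The container setup the first commenter describes (project directory and npm cache mounted into a throwaway container, lifecycle scripts left enabled), written out as an added example that is not part of this thread. The image tag, the cache directory, the helper names and the extra hardening flags (unprivileged uid, dropped capabilities, no-new-privileges, pid limit) are my assumptions, not the commenter's actual setup.

```shell
#!/bin/sh
# Added example, not code from the thread: run npm inside a disposable
# container so that package lifecycle scripts (preinstall/postinstall) see
# only the mounted project directory and a dedicated npm cache, not the host.
# Assumptions (mine, not the commenter's): Docker is installed; the image
# tag and cache directory are placeholders you can override via environment.
set -eu

NPM_SANDBOX_IMAGE="${NPM_SANDBOX_IMAGE:-node:20-alpine}"
NPM_SANDBOX_CACHE="${NPM_SANDBOX_CACHE:-${HOME:-/tmp}/.npm-sandbox-cache}"

# npm_sandbox_exec RUNNER PROJECT_DIR NPM_ARGS...
# Builds the `docker run` argument list and hands it to RUNNER, which is
# `docker` for real use or a printing helper for inspection and testing.
npm_sandbox_exec() {
    runner="$1"; project_dir="$2"; shift 2
    [ -d "$project_dir" ] || { echo "not a directory: $project_dir" >&2; return 1; }
    project_dir=$(cd "$project_dir" && pwd -P)   # absolute path, symlinks resolved
    "$runner" run --rm --init \
        --user "$(id -u):$(id -g)" \
        --cap-drop ALL \
        --security-opt no-new-privileges \
        --pids-limit 512 \
        --mount "type=bind,src=$project_dir,dst=/app" \
        --mount "type=bind,src=$NPM_SANDBOX_CACHE,dst=/npm-cache" \
        -e HOME=/tmp \
        -e npm_config_cache=/npm-cache \
        -w /app \
        "$NPM_SANDBOX_IMAGE" \
        npm "$@"
}

# Print the argument list one per line without running anything.
print_args() { printf '%s\n' "$@"; }

# Show what would be executed for PROJECT_DIR (dry run).
npm_sandbox_show() { npm_sandbox_exec print_args "$@"; }

# Run it for real: lifecycle scripts stay enabled (the commenter needs some
# of them), but they execute as an unprivileged uid, without capabilities,
# and the only host paths they can touch are /app and /npm-cache.
npm_sandbox_run() {
    mkdir -p "$NPM_SANDBOX_CACHE"
    npm_sandbox_exec docker "$@"
}

# Usage (not executed here):
#   npm_sandbox_show ./cloned-project install
#   npm_sandbox_run  ./cloned-project install
```

What this does and does not buy you: a post-install script can still read and rewrite everything under the mounted project (including files you later commit or run on the host) and still has network access to exfiltrate whatever it finds there, so keep the project checkout and the cache separate from anything sensitive. For the cases where you do not need lifecycle scripts at all, the npm flag that disables them is --ignore-scripts.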