Bun also doesn't execute lifestyle scripts by default, except for a customizable... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		theodorejb 57 days ago \| parent \| context \| favorite \| on: NPM flooded with malicious packages downloaded mor... Bun also doesn't execute lifestyle scripts by default, except for a customizable whitelist of trusted dependencies: https://bun.com/docs/guides/install/trusted

codedokode 57 days ago [–]

"Trusted" dependencies are poor solution, the good solution is either never run scripts, or run them inside qemu.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact