theodorejb 10 days ago | on: NPM flooded with malicious packages downloaded mor...
Bun also doesn't execute lifecycle scripts by default, except for a customizable whitelist of trusted dependencies:
https://bun.com/docs/guides/install/trusted
codedokode 9 days ago
"Trusted" dependencies are a poor solution; the good solution is either to never run scripts, or to run them inside qemu.
reply
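An added example, not part of either comment and not Bun's own code: a small audit that compares the install-time hooks declared by installed packages against the `trustedDependencies` array in the project's package.json, to show what the allowlist covers. The function name, package names and manifests are hypothetical and constructed, and the sketch models only the project's own array, ignoring any defaults the package manager ships.

```javascript
// Install-time hooks a package manager may run from a dependency's manifest.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// rootManifest: the project's parsed package.json.
// installed: parsed package.json objects of the installed dependencies.
function auditInstallScripts(rootManifest, installed) {
  const trusted = new Set(rootManifest.trustedDependencies || []);
  const report = { allowed: [], skipped: [], staleTrust: [] };
  const withHooks = new Set();

  for (const pkg of installed) {
    const scripts = pkg.scripts || {};
    const hooks = INSTALL_HOOKS.filter((h) => typeof scripts[h] === "string");
    if (hooks.length === 0) continue; // nothing would run at install time
    withHooks.add(pkg.name);
    const entry = { name: pkg.name, version: pkg.version, hooks };
    // The array holds package names, so this sketch matches on name only:
    // an allowlisted name covers whichever version the install resolves.
    (trusted.has(pkg.name) ? report.allowed : report.skipped).push(entry);
  }

  // Allowlist entries with no matching package that declares install hooks
  // grant nothing useful and are candidates for removal.
  for (const name of trusted) {
    if (!withHooks.has(name)) report.staleTrust.push(name);
  }
  return report;
}

// Constructed sample data (hypothetical package names and scripts).
const sampleRoot = {
  name: "demo-app",
  trustedDependencies: ["native-codec", "old-helper"],
};
const sampleInstalled = [
  { name: "native-codec", version: "2.1.0", scripts: { install: "node-gyp rebuild" } },
  { name: "left-widget", version: "1.0.3", scripts: { postinstall: "node setup.js", test: "jest" } },
  { name: "plain-lib", version: "4.0.0" },
];

console.log(JSON.stringify(auditInstallScripts(sampleRoot, sampleInstalled), null, 2));
```

In the sample, `left-widget` lands in `skipped` because it declares a `postinstall` hook without being allowlisted, and `old-helper` lands in `staleTrust` because nothing installed under that name declares an install hook.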