Won't that still download malicious packages that are dep? | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		lelanthran 14 days ago \| parent \| context \| favorite \| on: NPM flooded with malicious packages downloaded mor... Won't that still download malicious packages that are dep?

ashishb 14 days ago [–]

Yeah but those deps won't access your browser cookies and tour secret keys that are outside the current directory.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact