npm had a security meltdown, here are some steps that might be worth considering for the short-, mid- and long-term https://gist.github.com/yoshuawuyts/230364f2f3f745f922f4
@chromakode that's very reasonable advice - but wonder what the added value is if you don't audit all your packages
@chromakode what would you be on the lookout for?
@yoshuawuyts as you know every `npm install` is an exposure. VM sandbox both restricts file access (ssh keys) and hopefully priv escalation
@yoshuawuyts of course you still need to audit for production, but during development it's valuable to be able to try new things rapidly
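The two concrete points in the exchange above are that an `npm install` runs whatever lifecycle hooks a package declares, and that a sandbox keeps those hooks away from things like `~/.ssh`. The script below is an added example and not code from the thread or from either participant: it lists the install-time hooks (`preinstall`, `install`, `postinstall`, `prepare`) of a package before installing it, and composes a `docker run` line that mounts only the project directory, leaves the host `$HOME` unmounted, and passes `--ignore-scripts`. The sample `package.json`, the `/tmp/leaked` path in its hook, and the `node:20` image are constructed assumptions for the demo.

```shell
#!/usr/bin/env sh
# Added example (not from the thread): audit a package's install hooks before
# `npm install`, and run the install in a container that cannot see $HOME.
set -eu

# Write a constructed, deliberately suspicious package.json into "$1".
# The postinstall hook imitates a hook that reads an SSH key; the
# /tmp/leaked path is a placeholder, not a real payload.
make_sample_package() {
  dir="$1"
  mkdir -p "$dir"
  cat > "$dir/package.json" <<'EOF'
{
  "name": "sample-untrusted-pkg",
  "version": "1.0.0",
  "scripts": {
    "postinstall": "cat ~/.ssh/id_rsa > /tmp/leaked"
  }
}
EOF
}

# Print "hook: command" for each install-time lifecycle hook in a package.json.
# Uses node for real JSON parsing when present; the grep/sed fallback assumes
# one "key": "value" pair per line, as npm-written manifests are laid out.
list_install_hooks() {
  pkg_json="$1"
  if command -v node >/dev/null 2>&1; then
    node -e '
      const fs = require("fs");
      const s = JSON.parse(fs.readFileSync(process.argv[1], "utf8")).scripts || {};
      for (const k of ["preinstall", "install", "postinstall", "prepare"])
        if (s[k]) console.log(k + ": " + s[k]);
    ' "$pkg_json"
  else
    grep -E '^[[:space:]]*"(preinstall|install|postinstall|prepare)"[[:space:]]*:' "$pkg_json" \
      | sed -E 's/^[[:space:]]*"([a-z]+)"[[:space:]]*:[[:space:]]*"(.*)",?[[:space:]]*$/\1: \2/'
  fi
}

# Compose the sandboxed install command. Only the project directory is
# mounted (at /app); the host $HOME is not, so ~/.ssh is unreachable even if a
# hook runs. --ignore-scripts disables the hooks entirely, -e HOME=/tmp gives
# npm a writable cache inside the container, and --user keeps node_modules
# owned by the invoking user. The image name is an assumption (default node:20).
sandboxed_install_cmd() {
  project_dir=$(cd "$1" && pwd)
  image="${2:-node:20}"
  printf 'docker run --rm -v %s:/app -w /app -e HOME=/tmp --user %s %s npm install --ignore-scripts\n' \
    "$project_dir" "$(id -u):$(id -g)" "$image"
}

# Demo on the constructed package.
tmp=$(mktemp -d)
make_sample_package "$tmp/pkg"
echo "Install hooks declared by $tmp/pkg:"
list_install_hooks "$tmp/pkg/package.json"
echo
echo "Sandboxed install command:"
sandboxed_install_cmd "$tmp/pkg"
rm -rf "$tmp"
```

Two caveats: `--ignore-scripts` also skips hooks that legitimate native packages rely on (anything built with node-gyp), so a dependency that suddenly fails to install under it is a prompt to read its hook, not to drop the flag; and the container still has network access, because the install needs it, so a hook that runs in a non-sandboxed production install can still phone home. The hook listing is the "what to look for" check; the container is the blast-radius limit for development installs.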