Installing any npm packages seems more and more like walking through the minefie... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

exaroth 45 days ago | parent | context | favorite | on: Postmortem: TanStack NPM supply-chain compromise

Installing any npm packages seems more and more like walking through the minefield at this point.

DaSHacka 45 days ago [–]

And the worst part is installing one pulls like 50 bazillion others because of how dysfunctional the ecosystem is

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact