spacebanana7, 5 days ago:
Conceivably, couldn't a post-install script be used by the malicious dependency to install its own instance of Claude Code (or a similar tool)? In which case you couldn't really separate your dev environment from a hostile LLM.

christophilus, 5 days ago (reply to spacebanana7):
I run npm in the container, too, along with my dev tooling. They'd have to break out of the container, which I'm sure is possible, but is a good bit harder than just running an arbitrary npm script.

anon7000, 5 days ago (reply to spacebanana7):
Yes, though the attackers would have to pay for an account. In this case, it's using a pre-installed, pre-authorized tool, using your own credits to hack you.