| ▲ | minitech 3 days ago | |
> Because ads are not how malware is distributed? Malware is absolutely distributed through ads. In the case of more reputable ad platforms that don’t allow arbitrary scripts, it’s by linking to malware, but they’re also used to serve drive-by exploits. > You have higher chance of getting a malware from `pnpm add` than seeing an ad on the web. If you’re a normal computer user who browses the web without an ad blocker and never runs `pnpm add`, the relevant chance is a little different. (Fun side fact: current pnpm wisely doesn’t run install scripts by default.) | ||
| ▲ | vasco 3 days ago | parent [-] | |
And its users wisely read all of those scripts before manually running them, same as the library code, they read all of it before running. | ||