I’ve never seen code that is downloaded run itself. Why not be the change you want to see in the world and run sudo or spawn your browser in a jail. Or download as another user.

▲

endymi0n 2 days ago | parent [-]

Welcome to npm post-install scripts... https://docs.npmjs.com/cli/v11/using-npm/scripts

▲

okanat 2 days ago | parent | next [-]

And Rust build scripts: https://doc.rust-lang.org/cargo/reference/build-scripts.html

▲

johnny22 2 days ago | parent | prev [-]

glad pnpm disables those by default!

	▲	skeeter2020 2 days ago \| parent [-]
		PSA: if you're using (a newish release of) npm you should have something like this as a default, unless you've got good reasons not to: min-release-age=7 # days ignore-scripts=true