That’s why I switched to Java.

▲ Rp8yXmdmr 2 hours ago | parent | next [-]

You are absolutely right. The dangerous part of NPM packages is the post-install script. Therefore moving from JavaScript to Java removes the threat.

	▲	grezql 2 hours ago \| parent [-]
		[dead]

▲ keyle 2 hours ago | parent | prev | next [-]

    AbstractFinalFactoryShaiHuludSerialisedFactory

	▲	exabrial an hour ago \| parent \| next [-]
		https://dayssincelastjavascriptframework.com
	▲	general_reveal 2 hours ago \| parent \| prev [-]
		Yeah but you don’t have to use that I think. I think us Node people can just pretend to write Ecmascript 2 in Java and be fine.

▲ UqWBcuFx6NV4r 2 hours ago | parent | prev | next [-]

…. lol

▲ mschuster91 2 hours ago | parent | prev [-]

Meh maven plugins are just as juicy a target as npm is

	▲	exabrial an hour ago \| parent \| next [-]
		https://github.com/s4u/pgpverify-maven-plugin If you want paranoid mode, you can verify literally every part of the maven build process.
	▲	general_reveal an hour ago \| parent \| prev [-]
		What do u recommend?