Hacker News
8organicbits on Oct 22, 2021 | on: NPM package ‘ua-parser-JS’ with more than 7M weekl...
I imagined an optional delay for npm install/update. That way it would only slow down users who wanted more time.
okhobb on Oct 23, 2021
Got it. Yeah, I agree that's a useful and easy mitigation, and I'm sure enterprise users would certainly pay for other safety labeling/filtering/signing of packages.
alienalp on Oct 23, 2021
It makes so much sense, surprised me that it doesn't exist.