
I imagined an optional delay for npm install/update. That way it would only slow down users who wanted more time.



Got it. Yeah, I agree that's a useful and easy mitigation, and I'm sure enterprise users would certainly pay for other safety labeling/filtering/signing of packages.


It makes so much sense, surprised me that it doesn't exist.



