Show HN: Safe-install – safer NPM installs with trusted build dependencies

·Hacker News··

In light of the ongoing npm supply chain compromises, I built safe-install:https://www.npmjs.com/package/@gkiely/safe-installIt brings a couple of protections I wanted from npm but are not built in.Similar to Bun’s trusted dependencies, it lets you disable install scripts by default and define a list of dependencies that are allowed to run build/install scripts:https://bun.com/docs/guides/install/trustedIt also supports blocking exotic sub-dependencies, similar to pnpm’s `blockExoticSubdeps` setting:https://gajus.com/blog/3-pnpm-settings-to-protect-yourself-f...I was hoping npm would eventually add something like this, but it does not seem to be happening soon, so I made a small package for it.

Read full article →

Related Articles

“Beyond the limit”: Satellites and mirrors in space pose threat to the night sky
Breadmaker · Hacker News · 1d ago
Solar rail could become common in Europe after successful trial in Switzerland
neilfrndes · Hacker News · 2h ago
GPT-5.5 Codex reasoning-token clustering may be leading to degraded performance
maille · Hacker News · 19h ago
Potential session/cache leakage between workspace instances or consumer accounts
chatmasta · Hacker News · 1d ago
Show HN: KiCad in the Browser
ViktorEE · Hacker News · 5h ago