Show HN: Safe-install – safer NPM installs with trusted build dependencies

Hacker News

In light of the ongoing npm supply chain compromises, I built safe-install: https://www.npmjs.com/package/@gkiely/safe-install

It brings a couple of protections I wanted from npm but are not built in. Similar to Bun’s trusted dependencies, it lets you disable install scripts by default and define a list of dependencies that are allowed to run build/install scripts: https://bun.com/docs/guides/install/trusted

It also supports blocking exotic sub-dependencies, similar to pnpm’s `blockExoticSubdeps` setting: https://gajus.com/blog/3-pnpm-settings-to-protect-yourself-f...

I was hoping npm would eventually add something like this, but it does not seem to be happening soon, so I made a small package for it.
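The two checks the post describes (install scripts allowed only for an explicit list of trusted packages, and sub-dependencies that do not resolve to the public registry flagged as exotic) can be expressed as an audit over an npm lockfile. The following is an added example written for this page, not safe-install's own code; it assumes a lockfile v2/v3 `packages` map and uses a constructed lockfile fragment as input.

```javascript
// Added example (not safe-install's code): audit an npm lockfile (v2/v3
// "packages" map) for packages that run install scripts without being on a
// trusted list, and for "exotic" dependencies that do not resolve to the
// public registry (git URLs, tarball URLs, local paths).
const REGISTRY = "https://registry.npmjs.org/";

// Constructed sample lockfile fragment, for demonstration only.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo", version: "1.0.0" },
    "node_modules/esbuild": { version: "0.21.0", hasInstallScript: true,
      resolved: REGISTRY + "esbuild/-/esbuild-0.21.0.tgz" },
    "node_modules/left-pad": { version: "1.3.0",
      resolved: REGISTRY + "left-pad/-/left-pad-1.3.0.tgz" },
    "node_modules/shady-helper": { version: "2.0.1", hasInstallScript: true,
      resolved: REGISTRY + "shady-helper/-/shady-helper-2.0.1.tgz" },
    "node_modules/git-dep": { version: "0.0.1",
      resolved: "git+ssh://git@github.com/example/git-dep.git#abc123" },
  },
};

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"
function packageName(path) {
  const marker = "node_modules/";
  return path.slice(path.lastIndexOf(marker) + marker.length);
}

// Returns the packages that would be blocked under the two policies.
function auditLockfile(lock, trusted) {
  const findings = { untrustedScripts: [], exotic: [] };
  for (const [path, meta] of Object.entries(lock.packages)) {
    if (path === "") continue; // root project entry, not a dependency
    const name = packageName(path);
    if (meta.hasInstallScript && !trusted.includes(name)) {
      findings.untrustedScripts.push(name);
    }
    if (meta.inBundle) continue; // bundled deps carry no "resolved" URL
    const resolved = meta.resolved || "";
    if (!resolved.startsWith(REGISTRY)) {
      findings.exotic.push(`${name} -> ${resolved || "(unresolved)"}`);
    }
  }
  return findings;
}

console.log(JSON.stringify(auditLockfile(SAMPLE_LOCK, ["esbuild"]), null, 2));
```

Run against a real `package-lock.json` by replacing `SAMPLE_LOCK` with `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))`; a non-empty result is the install that an allowlist-based policy would refuse.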

