To me this is asking the question of "what's the safest way to drink from a poll... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		lesuorac 38 days ago \| parent \| context \| favorite \| on: Shai-Hulud Returns: Over 300 NPM Packages Infected To me this is asking the question of "what's the safest way to drink from a polluted river". The answer is really, don't. NPM and the JS eco-system has really gone down a path of zero security and they're paying the price for it. If you really need libraries from NPM and whatnot, vendorize them so you're relying on known-safe files and don't arbitrarily update them without re-verification.

vedhant 38 days ago | [–]

This is true. Today its npm, tomorrow it could be some other language. Shouldnt we focus on solving it at the root?

samdoesnothing 38 days ago | [–]

Some of us need to drink from the river to eat :(

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact