Skip to content

Add post install script informing about security holding packages#23

Open
laurinenas wants to merge 1 commit into
npm:masterfrom
laurinenas:master
Open

Add post install script informing about security holding packages#23
laurinenas wants to merge 1 commit into
npm:masterfrom
laurinenas:master

Conversation

@laurinenas

Copy link
Copy Markdown

Suggestion:

Inform the user that package has been compromised and replaced with security holder.

Why?

Some of the packages get more than a million weekly downloads (e.g. fs). If a message was added the users could at least trim their dependencies and remove unnecessary downloads, slightly reducing global internet usage, electricity waste, etc

@dscreve

dscreve commented Apr 23, 2026

Copy link
Copy Markdown

Is there any action to check if package was installed on system ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants