It seems like this would be a nice feature if the binaries were signed by Red Hat etc., but unsigned or nobody-I-know signed 3rd party binaries are generally unacceptable.
Perhaps we could honor a global npm config option to make "--build-from-source" default behavior?
It seems to make normal Node.js development inherently insecure when any npm library can suddenly start shipping black boxes... and only a matter of time before it gets widely exploited...