Can we have the post install scripts (prepare) disabled by default? Post install scripts are cool but are a serious security risk in major projects.

samchon / nestia

NestJS Helper Libraries + TypeScript OpenAPI generator

https://nestia.io/

MIT License

1.81k stars 94 forks source link

Can we have the post install scripts (prepare) disabled by default? Post install scripts are cool but are a serious security risk in major projects. #1056

Open nezudevv opened 2 hours ago

nezudevv commented 2 hours ago

Question

I ask this because I want to use this in production for 2 applications but we don't want to use any package that uses post install scripts by default, due to potential security issues.

samchon commented 1 hour ago

No way.