When do people ever do npm install if you don’t trust the project or know what install scripts will run? I’m a web developer of 10 years and I’ve never run npm install to install a piece of software. The only time I ever run npm is when I’m doing development for work.
Usually in the “lets see how this random project I cloned from GitHub works for my use case” scenario. I want to see how it works and if it would cover my use case before spending time on checking code and dependencies for security issues.
When do people ever do npm install if you don’t trust the project or know what install scripts will run? I’m a web developer of 10 years and I’ve never run npm install to install a piece of software. The only time I ever run npm is when I’m doing development for work.
Usually in the “lets see how this random project I cloned from GitHub works for my use case” scenario. I want to see how it works and if it would cover my use case before spending time on checking code and dependencies for security issues.
So it doesn’t have any other means of installing I take it.
Usually I take that as a red flag, that it isn’t popular or mature enough. But to each their own.