
This is one of the reasons npm packages with compiled, minified dist js files are a bad idea; it makes hiding malicious code surprisingly easy.


I'm not sure that it would matter much in practice. I don't think anyone really reads the code for their transitive dependencies.



