We maintain an automatically updated list of "trivial packages" (defined as less... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		feross on April 11, 2022 \| parent \| context \| favorite \| on: Node.js packages don't deserve trust We maintain an automatically updated list of "trivial packages" (defined as less than 10 lines of code) here: https://socket.dev/npm/issue/trivialPackage Is this the type of list you were looking for? It's not a perfect metric and isn't meant to disparage any of the maintainers of these packages, but it's one factor in our Socket.dev risk analysis.

cabirum on April 11, 2022 [–]

Yes, exactly!

feross on April 11, 2022 | [–]

Great!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact