Ask HN: What to do to protect against NPM malicious activities?

2 points by d0m ↗ HN
Hi, yesterday's episode showed us how risky using NPM is. What would be a strong and practical alternative? Is it to save the node_modules and use that instead of downloading the packages while building? Thanks

1 comment

[ 0.26 ms ] story [ 12.6 ms ] thread
First thing that comes to my mind is to have your own mirror that downloads the packages if it does not have them locally, otherwise just serve the local copy.