
Who reviews npm packages?

I have just started to use nodejs and npm when learning react native. Various tutorials talk about installing packages using npm. I am always cautious about installing software from the Internet. So I wanted to know whether the node packages are reviewed to reduce the risk of malicious intent.

Also, do node packages have a limited scope (are they somehow sandboxed, have limited ability to do damage, etc.)?

No one reviews them and there is no sandbox. Caveat emptor. If there is something malicious it has to be reported by users, at which point npm, Inc. will review it.

NPM, Inc. is the company behind the package manager. You can look at their security policies.
