
Who reviews npm packages?

I have just started to use Node.js and npm while learning React Native. Various tutorials talk about installing packages using npm. I am always cautious about installing software from the Internet. So, I wanted to know if the node packages are reviewed to reduce the risk of malicious intent?

Also, do node packages have a limited scope (are somehow sandboxed, have limited ability to do damage, etc.)?

No one reviews them and there is no sandbox. Caveat emptor. If there is something malicious, it has to be reported by users, at which point npm, Inc. will review it.

npm, Inc. is the company behind the package manager. You can look at their security policies.
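Because nothing is reviewed or sandboxed, one check a user can run themselves is to list which installed packages declare scripts that npm executes automatically during `npm install`. The following is an added example, not part of the original question or answer; the function names and the sample manifests are constructed for illustration, and it covers install-time hooks only (package code still runs with your privileges once it is imported).

```javascript
// Lifecycle scripts that npm runs automatically when a package is installed.
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall'];

// Pure check on one parsed package.json object: returns one finding per hook.
function installHooks(manifest) {
  const scripts = (manifest && typeof manifest.scripts === 'object' && manifest.scripts) || {};
  return INSTALL_HOOKS
    .filter((h) => typeof scripts[h] === 'string' && scripts[h].trim() !== '')
    .map((h) => ({
      name: manifest.name || '(unnamed)',
      version: manifest.version || '?',
      hook: h,
      command: scripts[h],
    }));
}

// Walk a node_modules tree, including @scope/ directories and nested
// node_modules. Symlinked package directories are not followed.
async function scanNodeModules(root) {
  const fs = await import('node:fs/promises');
  const path = await import('node:path');
  const findings = [];
  async function visit(dir) {
    let entries;
    try { entries = await fs.readdir(dir, { withFileTypes: true }); } catch { return; }
    for (const e of entries) {
      if (!e.isDirectory() || e.name.startsWith('.')) continue;
      const pkgDir = path.join(dir, e.name);
      if (e.name.startsWith('@')) { await visit(pkgDir); continue; }
      try {
        const raw = await fs.readFile(path.join(pkgDir, 'package.json'), 'utf8');
        findings.push(...installHooks(JSON.parse(raw)));
      } catch { /* missing or unparsable manifest: skip */ }
      await visit(path.join(pkgDir, 'node_modules'));
    }
  }
  await visit(root);
  return findings;
}

// Constructed sample manifests (not real packages).
const SAMPLE = [
  { name: 'plain-lib', version: '1.0.0', scripts: { test: 'node test.js' } },
  { name: 'native-addon', version: '2.3.1', scripts: { install: 'node-gyp rebuild' } },
  { name: '@example/telemetry', version: '0.1.0', scripts: { postinstall: 'node setup.js', build: 'tsc' } },
];

// Usage: node audit-hooks.js ./node_modules
const target = process.argv[2];
if (target) scanNodeModules(target).then((f) => console.table(f));
```

Installing with `npm install --ignore-scripts` fetches the packages without running these hooks, so the listed commands can be read before anything executes.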

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.