Lol npm the cli has a vulnerability in a transitive dependency via a dependency which is now archived because npm the company laid off the employee who ran it for trying to unionize, so now it's not possible to run npm (or anything that depends on it) without specifically installing software with a known vulnerability.

The best bit is that I knew this at least six months ago as evidenced by GitHub.com/npm/cli/pull/198
