
Maven does not support "scripts" as NPM does, such as the pre-install script used for this exploit. With scripts enabled, the mere act of downloading a dependency requires a high degree of trust in it.


Downloading a dependency also requires a high degree of trust in whatever transitive dependencies a trusted dependency decides to pull in.



