Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I think that helps me understand. What are some examples of things where I'd want initialization or registration? What packages are impossible to install with this, besides cases where npm is used as an alternative to apt/yum to install dev executables?


Create registry entries in a config file for all local printers found in the existing OS configuration. Remember that the installer runs with privileges that the application won't normally have. So anytime you have to use those privileges you don't do it at runtime, you do it at install time. And this requires the hook.


And is that worth it? Scanning for printers? In an NPM module? Surely there are better examples somewhere.


If I install a package and it starts scanning my local printers, it get immediately removed and the author put on a blacklist.

No other ecosystem is that dense, none of them require such stupid and dangerous flows to work.


Yeah I'm not sure hunterpayne isn't an AI that did some research to answer my question and immediately found a printer-based hack in an npm package.


I think I'm the last living engineer based on this conversation. Installers have worked this way for decades.


Not for programming package managers.

Npm is not some generic software package manager, it's for node. No other tool does this.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: