Appstore installs with --ignore-scripts
i think we should change Appstore to run npm install with --ignore-scripts
GitHub
Npm packages can have pre and post install scripts. They present a great possibility for attackers to run malicious code. This vector includes also transitive dependencies. Imho we should change ap...
