
I am starting to use npm install a lot for development, but I am worried about its security consequences. Does npm install retrieve binaries or sources?

If it's binaries, it's already a deal breaker for me.

If it's sources, what level of scrutiny does the Node.js community have over the package repository? (E.g. I would like to compare this repository to other repositories, such as the Debian package repositories, which I guess are the safest out there.)

knocte
  • What's the difference between binaries and sources when you run JavaScript in node.js? – aventurin Nov 05 '16 at 16:20
  • Rory McCune did a [good talk](https://prezi.com/vjjq6n2x72ko/security-and-modern-software-deployment-owasp-edition/) about this. He's pretty active on this site, so you may hear from him directly. – paj28 Nov 05 '16 at 16:29
  • pretty ironic that the link to that security talk requires Flash ;) – knocte Nov 05 '16 at 17:06
