Saturday, August 22, 2020

Block npm from running postinstall scripts

Every npm package when it install is capable of executing an arbitrary code (running on node) on you machine.
package.json
"scripts": { "postinstall: "virtus.js" }

This is a potential backdoor. I bet that sooner or later someone is going to take adventage of it. In order to block npm packages from doing it you can run this command on your machine.
npm config set ignore-scripts true
Posted by at No comments:
Labels: ,

Thursday, August 20, 2020

Conda virtual environment management

To list all env:
conda env list


To create:
conda create --name myenv

To create with a specific version of python
conda create -n myenv python=3.6

To activate:
conda activate myenv

To go back to base env:
conda deactivate

Posted by at No comments:
Labels: ,
Subscribe to: Posts (Atom)