Saturday, August 22, 2020

Block npm from running postinstall scripts

Every npm package, when it is installed, can execute arbitrary code (a node script or any shell command) on your machine, simply by declaring an install lifecycle script in its package.json:
package.json
"scripts": { "postinstall": "node virtus.js" }

This is a potential backdoor: the script runs with your user's privileges before you have read a single line of the package, and the same holds for every transitive dependency that gets pulled in. I bet that sooner or later someone is going to take advantage of it. To block npm packages from doing this, run this command on your machine:
npm config set ignore-scripts true

This writes ignore-scripts=true to your user-level .npmrc, so it applies to every project you install; to enforce it for one repository instead, put the same line in that project's .npmrc, or pass --ignore-scripts to an individual npm install or npm ci. Two caveats. Packages that genuinely need an install step (native addons built with node-gyp, for example) will be installed without it and may fail at runtime; once you have reviewed what their scripts do, you can run them deliberately with npm rebuild <package> --ignore-scripts=false. And the setting only stops code from running at install time: whatever a package does when you require() it still runs, so this is a mitigation, not a substitute for reviewing dependencies.
