
I don't check every file but I use very sophisticated proprietary heuristics such as "intuition" and "hunch" for how far to dig.

I use vim, so dependencies are explicit. But when using npm packages at work I give the dependencies a look before I look anywhere else. An unfamiliar dependency gets looked at. It's easier since the npm web browser allows inspecting the code.

It's a very imperfect process.



Have you ever caught anything?


No, that would be a different story :) I ended up not using dozens of plugins and libs and such after a look at their dependencies and code, though.



