Show HN: Safe-install – safer NPM installs with trusted build dependencies (Hacker News)

Provides protections against npm supply chain compromises by allowing disabling install scripts by default, defining trusted dependencies for script execution, and blocking exotic sub-dependencies, similar to Bun and pnpm features.

Traction Score: 10
Discussions: 0
Launch Date: May 12, 2026

Product Positioning & Context

AI Executive Synthesis
Safe-install directly confronts the escalating threat of npm supply chain compromises, a critical security risk for any organization relying on JavaScript ecosystems. By introducing granular control over install scripts and sub-dependencies, it provides an additional layer of defense against malicious packages. The ability to disable scripts by default and allowlist trusted dependencies mirrors protections already offered by other package managers such as Bun and pnpm, highlighting a recognized industry need. This tool addresses a significant developer and organizational pain point: securing the software supply chain without waiting for native npm features. Its adoption can substantially reduce risk, enhancing the integrity and trustworthiness of deployed applications.
In light of the ongoing npm supply chain compromises, I built safe-install: https://www.npmjs.com/package/@gkiely/safe-install

It brings a couple of protections I wanted from npm but are not built in.

Similar to Bun’s trusted dependencies, it lets you disable install scripts by default and define a list of dependencies that are allowed to run build/install scripts: https://bun.com/docs/guides/install/trusted

It also supports blocking exotic sub-dependencies, similar to pnpm’s `blockExoticSubdeps` setting: https://gajus.com/blog/3-pnpm-settings-to-protect-yourself-f...

I was hoping npm would eventually add something like this, but it does not seem to be happening soon, so I made a small package for it.

Topics: npm supply chain compromises, safe-install, install scripts, trusted build dependencies, trusted dependencies, disable install scripts, block exotic sub-dependencies, Bun

Deep-Dive FAQs

What is Safe-install – safer NPM installs with trusted build dependencies?
Safe-install – safer NPM installs with trusted build dependencies is summarized by our AI as: provides protections against npm supply chain compromises by allowing disabling install scripts by default, defining trusted dependencies for script execution, and blocking exotic sub-dependencies, similar to Bun and pnpm features. Safe-install directly confronts the escalating threat of npm supply chain compromises, a critical security risk for any organization relying on JavaScript ecosystems.
Where did Safe-install – safer NPM installs with trusted build dependencies originate?
Data for Safe-install – safer NPM installs with trusted build dependencies was aggregated directly from the Hacker News community ecosystem, representing raw developer and early-adopter sentiment.
When was Safe-install – safer NPM installs with trusted build dependencies publicly launched?
The initial public indexing or launch date for Safe-install – safer NPM installs with trusted build dependencies within our tracked developer communities was recorded on May 12, 2026.
How popular is Safe-install – safer NPM installs with trusted build dependencies?
Safe-install – safer NPM installs with trusted build dependencies has achieved measurable traction, logging a traction score of over 10 and 0 recorded discussions or engagements.
Which technical categories define Safe-install – safer NPM installs with trusted build dependencies?
Based on metadata extraction, Safe-install – safer NPM installs with trusted build dependencies is categorized under topics such as: npm supply chain compromises, safe-install, install scripts, trusted build dependencies.
How does the creator describe Safe-install – safer NPM installs with trusted build dependencies?
The original author or development team describes the product as follows: "In light of the ongoing npm supply chain compromises, I built safe-install: https://www.npmjs.com/package/@gkiely/safe-install It brings a couple of protections I wanted from npm but are not built in..."

Discovery Source

Hacker News
