Did you know that there’s a serious vunerability issue within’ the NPM ecosystem? The fact the matter is that when installing a front-end development dependency, arbitrary code from potentially thousands of different packages is run on your computer. “Arbitrary code” here just means code that is allowed to do ANYTHING. In otherwords, you could be NPM installing a virus onto your computer.
Run: npm config set ignore-scripts true
and avoid this!
Warning: You can’t just leave this true if you use NPM scripts. You must set it back to false once you’re finished installing packages:
npm config set ignore-scripts false