
Ask HN: What to do to protect against NPM malicious activities? - d0m
Hi, yesterday&#x27;s episode showed us how risky using NPM is. What would be a strong and practical alternative? Is it to save the node_modules and use that instead of downloading the packages while building? Thanks
======
LoneWolf
First thing that comes to my mind is to have your own mirror that downloads
the packages if it does not have them locally, otherwise just serve the local
copy.

