Hacker News new | past | comments | ask | show | jobs | submit login

Exploiting auto-downloading modules requires that the filesystem's already been exploited to the point where the app's code can be modified.

I could add `require('foo')` but I could also just require no third party code and have fun with the `process` module.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact