npm Community Forum (Archive)

The npm community forum has been discontinued.

To discuss usage of npm, visit the GitHub Support Community.

Show security vulnerabilities, ask for consent before installing something on the user's computer

Current behavior when running npm install on the command line:

Desired behavior on the command line client:

If the number of installs for a package go down, that might create an incentive for package managers to update their dependencies or code. Also, out of respect for the user, we should tell him/her beforehand.

What do you think?