Installing 3rd-party packages the way Node and Python devs do regularly _is_ a security hole.
reply
We definitely agree on that. Fortunately some of the 600+ comments here include suggestions of what to do about it.
reply
Even more wild to read that sarcasm about "removing locks from doors for 87% speedup" is considered extreme...

And yes, we agree that running unconstrained AI agents with --dangerous-skip-confirm flags and seeing nothing wrong with it is insane. Kind of like just advertising for burglars to come open your doors for you before you get home - yeah, it's lots faster to get in (and to move about the house with all your stuff gone).
