Show HN: npx -y @considered/harmful
a year ago
- #npm
- #security
- #MCP
- MCP servers commonly recommend using 'npx -y' for installation.
- This method downloads and executes arbitrary scripts from the internet, posing security risks.
- The author criticizes this practice as insecure and suggests MCP should adopt safer distribution methods.
- The package '@considered/harmful' was created as a joke to highlight these security concerns.
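
One way to check a machine for the pattern described above, as an added example that is not code from the linked post or from any MCP project: it audits an MCP client configuration for servers launched through `npx -y`. It assumes the common `mcpServers` JSON layout with `command` and `args` fields; the package names and the sample config are constructed for illustration.

```javascript
// Constructed sample in the "mcpServers" client-config layout (an assumption).
const SAMPLE_CONFIG = JSON.stringify({
  mcpServers: {
    files: { command: "npx", args: ["-y", "@example/mcp-files", "/srv/data"] },
    search: { command: "npx", args: ["--yes", "example-mcp-search@latest"] },
    pinned: { command: "npx", args: ["-y", "@example/mcp-db@1.4.2"] },
    local: { command: "node", args: ["./vendor/mcp-local/index.js"] },
  },
});

// Split an npm package spec into name and version, allowing for a leading scope "@".
function parseSpec(spec) {
  const at = spec.lastIndexOf("@");
  if (at <= 0) return { name: spec, version: null }; // no "@", or only the scope marker
  return { name: spec.slice(0, at), version: spec.slice(at + 1) };
}

// Only an exact semver counts as pinned; tags like "latest" and ranges do not.
const EXACT_VERSION = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/;

function auditMcpConfig(jsonText) {
  const servers = JSON.parse(jsonText).mcpServers || {};
  const findings = [];
  for (const [server, entry] of Object.entries(servers)) {
    const cmd = String(entry.command || "");
    if (!/(^|[\\/])npx(\.cmd)?$/.test(cmd)) continue; // not launched via npx
    const args = Array.isArray(entry.args) ? entry.args.map(String) : [];
    // -y / --yes suppresses npx's "install this package?" prompt.
    const autoYes = args.some((a) => a === "-y" || a === "--yes");
    if (!autoYes) continue;
    // Simplification: treat the first non-flag argument as the package spec.
    const spec = args.find((a) => !a.startsWith("-"));
    if (!spec) continue;
    const { version } = parseSpec(spec);
    const pinned = version !== null && EXACT_VERSION.test(version);
    findings.push({
      server,
      package: spec,
      issue: pinned
        ? "auto-install without prompt (version pinned)"
        : "auto-install of unpinned package",
    });
  }
  return findings;
}
```

A pinned version only narrows which release gets fetched; the package is still downloaded and executed at launch, so pinned entries are reported too, with a separate label.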