DEV Community


Discussion on: How a compromised NPM package can steal your secrets (POC + prevention)

maxivanov profile image
Max Ivanov Author

I think yes, and I've seen someone doing this. Do it first thing in the code (before the dependencies are loaded) and make sure subsequent invocations of the same Lambda instance do not depend on it anymore. A bit hacky but sounds like it should work!