reply on: Compromised npm package silently installs OpenClaw on developer machines \ stacker news

pull down to refresh

You can also specify which packages can do anything post install