No, this is a different Zig book.

Apparently, yes. My guess is it was the Shai-hulud npm malware leaking their Github keys.

3 dollars is like a week of bus fares here and I remember a friend would walk back home from school to keep half the money.

Youtube is both 10x and 0.1x the quality, and the official app has no way to filter it. They even removed the feature (downvotes) to let the user filter it.

And the proliferation of AI videoslop is only making the 0.1x side larger and larger

If people cheat in the switch, they can blame Nintendo. If people cheat in PC, they can blame the anticheat. Without anticheat, they have to take the blame.

I still blame the devs of the games.

They can update their privacy policy at any time so it wouldn't have mattered if they added it after you made your account.

It's all an ad.

I looked at one and it was doubly encoded base64.

Is there a way to list all the packages in the dependency tree with preinstall/postinstall hooks? Preferably before doing the installation?

IDK. I usually notice it when it breaks the install

Also badly named commands, `npm install` updates your packages to the latest version allowed by package.json and updates the lock file, `npm ci` is what people usually want to do: install the versions according to the lock file.

IMO, `ci` should be `install`, `install` should be `update`.

Plus the install command is reused to add dependencies, that should be a separate command.

This hasn't been true since version 5.4.2, released in 2017.

`npm install` will always use the versions listed in package-lock.json unless your package.json has been edited to list newer versions than are present in package-lock.json.

The only difference with `npm ci` is that `npm ci` fails if the two are out of sync (and it deletes `node_modules` first).