How to securely use `pass`, `sudo`, and `npm` on the same machine
TL;DR: running npm i … not long after pass my-password allows a malicious package to steal my entire password store.
I use pass as a password manager, on Linux. And like probably all Linux users, I use sudo to run commands as root.
The … Continue reading How to securely use `pass`, `sudo`, and `npm` on the same machine