> that other package managers don't require code execution to install
But that's more or less true. Arbitrary code execution isn't a feature needed when installing packages for other languages that don't use C bindings so heavily.
You're spot on that Node.js isn't alone, Python packages are very much the same in that packages can require code execution to install.
But not all packaging systems require the ability to execute package provided code in order to install some packages.
But then, in those languages, binding to C libs is far far less common.
But that's more or less true. Arbitrary code execution isn't a feature needed when installing packages for other languages that don't use C bindings so heavily.
You're spot on that Node.js isn't alone, Python packages are very much the same in that packages can require code execution to install.
But not all packaging systems require the ability to execute package provided code in order to install some packages.
But then, in those languages, binding to C libs is far far less common.