When installing tailwindcss and @tailwindcsstailwindcsstailwindcsstailwindcss/vite on Windows with VSCode, I’m told that one of the tailwind packages (postinstall) is not trusted. I’m given an option to install the “offending” package IF I trust it (see below). I have no idea if I can trust it…especially given all of the malware that’s been included in Open Source Software.
Has anyone seen this issue? If there was to be malware included a postinstall package would be the perfect place to put it.
Console output:
$ bun add tailwindcss @tailwindcss/vite
bun add v1.2.20 (6ad208bc)
installed [email protected]
installed @tailwindcss/[email protected]
22 packages installed [3.85s]
Blocked 1 postinstall. Run bun pm untrusted for details.