probably via normal npm injection server side.
But once you can make people download your malicious js code using npm, why would you then need to inject malicious js code in protobuf?
alt Hacker News
But once you can make people download your malicious js code using npm, why would you then need to inject malicious js code in protobuf?