2 comments

[ 3.1 ms ] story [ 17.9 ms ] thread
With a threat like this, I think the best action going forward would be to kick the author off of npm, and re-purpose the npm package name to a frozen-in-time version of a clean ad-free fork of the latest release, perhaps with a deprecation warning