Another npm package taken over. Could not verify it, but the person claims that in total 36826 projects depend on it (npm lists 144 direct dependents). Also the "friendly" is editorialized by me to reflect the authors claims.
Since I editorialized the title (title = mastodon message content, which is too long; also it starts with "I just noticed...", which would be misleading), @dang feel free to edit, or @HN feel free to suggest a better title.
In fact, this issue was reported more generally at least a couple of months ago, with 2,818 accounts potentially affected[0]. The intended solution for this is to require 2FA for developers, which NPM are slowly rolling out.
2 comments
[ 2.9 ms ] story [ 17.4 ms ] threadPackage on npm: https://www.npmjs.com/package/foreach
Since I editorialized the title (title = mastodon message content, which is too long; also it starts with "I just noticed...", which would be misleading), @dang feel free to edit, or @HN feel free to suggest a better title.
In fact, this issue was reported more generally at least a couple of months ago, with 2,818 accounts potentially affected[0]. The intended solution for this is to require 2FA for developers, which NPM are slowly rolling out.
[0] https://therecord.media/thousands-of-npm-accounts-use-email-...