9 comments

[ 3.3 ms ] story [ 31.2 ms ] thread
Hit me. Disables security in Chrome. I will be wiping everything. Changed passwords already, but I assume they stole everything.
It appears the individual was unable to distinguish a display name from the actual email address (common phishing tactic of having something like admin@company.org as the email display name while the actual email address is a random throwaway). [1]

Good reminder to use a password manager as well (as it would also catch the 'npnjs' typo squatted domain too).

Similar incident happened to the HIBP guy who mentioned ignoring the password manager safeguards due to being half asleep while on the plane.

Also keep in mind you can disable install scripts in npm from running (if you happen to not do your development in an isolated environment) via configuring your .npmrc with

> ignore-scripts=true

Stay safe out there

1: https://x.com/JounQin/status/1946297662069993690