[–] dylmye 10mo ago ↗ The two listed collaborators of the debug package have over 700 packages published collectively, many of them with millions of weekly downloads. What could possibly go wrong when their token is compromised?
[–] ChrisArchitect 10mo ago ↗ A blog post: https://www.aikido.dev/blog/npm-debug-and-chalk-packages-com... (https://news.ycombinator.com/item?id=45169657)
[–] davely 10mo ago ↗ More and more, I am thinking all my local development environments for Node / JavaScript projects need to be setup in a sandboxed VM.
5 comments
[ 4.7 ms ] story [ 16.7 ms ] thread