Clearly more could have been done. It's suspicious that they'd only grab npm tokens. Perhaps the responsible party just wanted to prove a point?
We're lucky this issue was detected because of an error. I would bet this has happened or is happing now without anyone knowing. Javascript is particularly difficult to find malicious code as code can be executed in…
I haven't been a big fan of ORM's even before DataMapper in Ruby. I found that it was too easy to make non-performant queries and found myself writing raw SQL anyway. Some argue that using an ORM means you can switch…
I completely agree with the author. The loudest people in the Node community have been evangelizing this practice for as long as I can remember. This shouldn't come as a surprise. The argument, "If I didn't write it I…
Here's a highly downloaded 11 line module with lots of dependents. https://www.npmjs.com/package/escape-string-regexp I stopped searching at 1. I've certainly benefitted from the vast ecosystem of npm. I greatly…
Clearly more could have been done. It's suspicious that they'd only grab npm tokens. Perhaps the responsible party just wanted to prove a point?
We're lucky this issue was detected because of an error. I would bet this has happened or is happing now without anyone knowing. Javascript is particularly difficult to find malicious code as code can be executed in…
I haven't been a big fan of ORM's even before DataMapper in Ruby. I found that it was too easy to make non-performant queries and found myself writing raw SQL anyway. Some argue that using an ORM means you can switch…
I completely agree with the author. The loudest people in the Node community have been evangelizing this practice for as long as I can remember. This shouldn't come as a surprise. The argument, "If I didn't write it I…
Here's a highly downloaded 11 line module with lots of dependents. https://www.npmjs.com/package/escape-string-regexp I stopped searching at 1. I've certainly benefitted from the vast ecosystem of npm. I greatly…