David is a user on mastodon.sdf.org.
David @ratamacue

Bug: packages are disappearing from the official npm repo.
Fact: anybody can create a package in the official npm repo.
So, I believe that if a very important package disappeared for a few hours, it would have been very easy to take control of any Node.js server that runs software depending on the original, lost package.

Npm is not so secure, right?

github.com/npm/registry/issues

@ratamacue whoo, this, combined with the attack scenario described in hackernoon.com/im-harvesting-c, is pretty freaky.

I have a sense we are going to deal with some security fuckery, and it is going to be hard to explain.