NPM library with 2m installs has a backdoor, looks to be some kind of Trojan (stealer?) https://github.com/dominictarr/event-stream/issues/116 …
And in this alternate universe where the author had signed his code before GIVING THE REPO TO SOMEBODY ELSE, this code wouldn't have been affected? And nobody using npm would have received the malicious updates?
GitHub source code ≠ NPM publishing rights or even the same code
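The point above is the check a practitioner actually wants: the tarball you install from the registry is not necessarily the tree you audited on GitHub, so compare the two. The script below is an added example, not code from this thread or from the event-stream project. It assumes you have already fetched the published tarball with `npm pack <name>@<version>` and checked out the matching git tag; it hashes every file in both, strips the `package/` prefix that npm tarballs use, and reports files that exist only in the tarball, only in the repo, or differ in content. The `demo()` function builds a constructed repo and a constructed, drifted tarball in a temp directory so the script runs offline.

```python
import hashlib
import io
import os
import tarfile
import tempfile


def tree_digests(root):
    """SHA-256 of every file under a source checkout, keyed by repo-relative path."""
    out = {}
    for dirpath, dirnames, filenames in os.walk(root):
        # skip VCS metadata and installed deps; they are never part of a published package
        dirnames[:] = [d for d in dirnames if d not in (".git", "node_modules")]
        for fn in filenames:
            path = os.path.join(dirpath, fn)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            with open(path, "rb") as f:
                out[rel] = hashlib.sha256(f.read()).hexdigest()
    return out


def tarball_digests(path):
    """SHA-256 of every regular file in an npm tarball, with the 'package/' prefix removed."""
    out = {}
    with tarfile.open(path, "r:gz") as tf:
        for member in tf:
            if not member.isfile():
                continue
            name = member.name
            if name.startswith("package/"):  # npm always packs under package/
                name = name[len("package/"):]
            out[name] = hashlib.sha256(tf.extractfile(member).read()).hexdigest()
    return out


def compare(repo_digests, tar_digests):
    """Report drift between the git tree and the published artifact."""
    repo_names, tar_names = set(repo_digests), set(tar_digests)
    common = repo_names & tar_names
    return {
        "only_in_tarball": sorted(tar_names - repo_names),   # the dangerous case
        "only_in_repo": sorted(repo_names - tar_names),      # usually .npmignore'd tests etc.
        "changed": sorted(n for n in common if repo_digests[n] != tar_digests[n]),
    }


def _add_bytes(tf, name, data):
    """Add an in-memory file to a tarfile being written."""
    info = tarfile.TarInfo(name)
    info.size = len(data)
    tf.addfile(info, io.BytesIO(data))


def demo():
    """Constructed example (hypothetical package 'example-stream'): a source tree and a
    published tarball that no longer matches it. Returns the comparison report."""
    with tempfile.TemporaryDirectory() as tmp:
        repo = os.path.join(tmp, "repo")
        os.makedirs(os.path.join(repo, "test"))
        files = {
            "package.json": b'{"name": "example-stream", "version": "1.0.0", "main": "index.js"}\n',
            "index.js": b'module.exports = function () { return "ok"; };\n',
            "test/test.js": b'require("../")();\n',
        }
        for rel, data in files.items():
            with open(os.path.join(repo, rel), "wb") as f:
                f.write(data)

        tarball = os.path.join(tmp, "example-stream-1.0.0.tgz")
        with tarfile.open(tarball, "w:gz") as tf:
            _add_bytes(tf, "package/package.json", files["package.json"])
            # the published index.js pulls in a file that exists nowhere in git
            _add_bytes(tf, "package/index.js", b'require("./extra.min.js");\n' + files["index.js"])
            _add_bytes(tf, "package/extra.min.js", b"/* minified blob absent from the repository */\n")

        return compare(tree_digests(repo), tarball_digests(tarball))


if __name__ == "__main__":
    for key, names in demo().items():
        print(f"{key}: {names}")
```

Files present only in the repo are expected (tests, CI config and anything in `.npmignore` are normally left out of the tarball); the findings worth reading every time are the `only_in_tarball` and `changed` lists, since a file that ships to installers but has no counterpart in the audited tree is exactly the gap a signed commit history cannot close.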