top | item 45172334

(no title)

winterqt | 5 months ago

Thank you for the swift and candid response, this has to suck. :/

> The author appears to have deleted most of the compromised package before losing access to his account. At the time of writing, the package simple-swizzle is still compromised.

Is this quote from TFA incorrect, since npm hasn’t yanked anything yet?

discuss

junon|5 months ago

Quote is probably added recently. Not entirely correct as I have not regained access; nothing happening to the packages is of my own doing.

npm does appear to have yanked a few, slowly, but I still don't have any insight as to what they're doing exactly.