Comment by paulddraper
3 months ago
Maintainer phished.
Was caught quickly (hours? hard to be sure, the versions have been removed/overwritten).
Attacker owns npmjs.help domain.
Noticed that after ten mins, contacted author immediately and he seems to be working on it / restoring his account / removing malware on published packages.
Kinda "proud" of it haha :D
Doesn’t npmjs do things like signing, pinning, and yanking packages, like rubygems?
Yes