Comment by winterqt
3 months ago
Thank you for the swift and candid response, this has to suck. :/
> The author appears to have deleted most of the compromised package before losing access to his account. At the time of writing, the package simple-swizzle is still compromised.
Is this quote from TFA incorrect, since npm hasn’t yanked anything yet?
Quote is probably added recently. Not entirely correct as I have not regained access; nothing happening to the packages is of my own doing.
npm does appear to have yanked a few, slowly, but I still don't have any insight as to what they're doing exactly.