Comment by redbell
2 months ago
Related (7 days ago):
NPM debug and chalk packages compromised (1366 points, 754 comments): https://news.ycombinator.com/item?id=45169657
2 months ago
Related (7 days ago):
NPM debug and chalk packages compromised (1366 points, 754 comments): https://news.ycombinator.com/item?id=45169657
Related in that this is another, separate, attack on npm.
No direct relation to the specific attack on debug/chalk/error-ex/etc that happened 7 days ago.
The article states that this is the same attackers that got control of the "nx" packages on August 27th, which didn't really get a lot of traction on HN when it happened: https://hn.algolia.com/?dateRange=pastMonth&page=0&prefix=fa...
Seems to be a separate incident?
Separate? Yes. Unrelated? Hard to tell.
It's unrelated in every observable technical way, but related in that it's a bit crazy how often this is happening to npm lately.
I'm glad it wasn't this particular attack that hit me last week.