Slacker News Slacker News logo featuring a lazy sloth with a folded newspaper hat
  • top
  • new
  • show
  • ask
  • jobs
Library
← Back to context

Comment by dec0dedab0de

1 day ago

I was really saying that if there is a compromised version that gets removed from NPM, then the projects using it do not need to be updated, unless of course they had the compromised version pinned.

Though plenty of orgs centralize dependencies with something like artifactory, and run scans.

1 comment

dec0dedab0de

Reply
bluGill  1 day ago

If someone detects it is asking a lot.

Slacker News

Product

  • API Reference
  • Hacker News RSS
  • Source on GitHub

Community

  • Support Ukraine
  • Equal Justice Initiative
  • GiveWell Charities