A little under a year ago, the package "leftpad" broke NPM builds all over the world because the author pulled it from the public repository.The same is happening today, for "pinkie-promise". The author's NPM account (@floatdrop) was deleted, opening opportunities for malware in all the packages he's written.Dependent builds include Ionic and (in my case) node-sass.Resources:NPM issue: http://ift.tt/2m7fh4a report: http://ift.tt/2qzQ0E3 issue: http://ift.tt/2m7fi8e packages: http://ift.tt/2qxk57x of @floatdrop's repositories: http://ift.tt/2lYWUxg
Submitted January 06, 2018 at 08:25PM by Jodiug
No comments:
Post a Comment