Noticed that after ten mins, contacted author immediatly and he seems to be work... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		DDerTyp 64 days ago \| parent \| context \| favorite \| on: NPM debug and chalk packages compromised Noticed that after ten mins, contacted author immediatly and he seems to be working on it / restoring his account / removing malware on published packages. Kinda "proud" on it haha :D

jbverschoor 64 days ago [–]

Doesn’t npmjs do things like signing, pinning, and yanking packages, like rubygems?

paulddraper 64 days ago | [–]

Yes

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact