Hacker News

Thank you for the swift and candid response, this has to suck. :/

> The author appears to have deleted most of the compromised package before losing access to his account. At the time of writing, the package simple-swizzle is still compromised.

Is this quote from TFA incorrect, since npm hasn’t yanked anything yet?



Quote is probably added recently. Not entirely correct as I have not regained access; nothing happening to the packages is of my own doing.

npm does appear to have yanked a few, slowly, but I still don't have any insight as to what they're doing exactly.



