Jayden Seric Nov 20
Battle stations! Some sort of npm package injection attack affecting nodemon and a lot of other packages:
Jayden Seric
I filed a report at , but after submitting it redirected to a 404 page, I got no confirmation email or anything, and there appears to be no place to track the status. Did you get it?
Vasyl Boroviak Nov 21
Replying to @jaydenseric @npmjs
Hey mate. Unrelated to the npm issue. I've sent you an email to your me@ address. Just confirming if you got it.
Jayden Seric Nov 21
Replying to @kore_sar
Yes I did! Thanks for that, I'll reply soon :) I've had tunnel vision the last day focusing on a package update:
Jayden Seric Nov 22
Replying to @jaydenseric
Your project is either vulnerable to, or infected by malicious code if running `npm ls event-stream flatmap-stream` yields results:
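An offline counterpart to the `npm ls event-stream flatmap-stream` check in the last tweet, added here as an example (it is not part of the thread or any participant's code): it scans a parsed `package-lock.json` for the two package names, so it works without an installed `node_modules`. The sample lockfiles, the `some-tool` package and the `0.0.0` versions are constructed for illustration.

```javascript
// Package names taken from the tweet above; everything else here is constructed.
const FLAGGED = new Set(["event-stream", "flatmap-stream"]);

// Return every location in a parsed package-lock.json where a flagged package appears.
function findFlagged(lock) {
  const hits = [];
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf("node_modules/");
    if (idx === -1) continue; // the "" key is the root project itself
    const name = path.slice(idx + "node_modules/".length);
    if (FLAGGED.has(name)) hits.push({ name, version: meta.version, via: path });
  }
  // lockfileVersion 1: nested "dependencies" tree mirroring node_modules nesting.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const via = [...trail, name].join(" > ");
      if (FLAGGED.has(name)) hits.push({ name, version: meta.version, via });
      walk(meta.dependencies, [...trail, name]);
    }
  };
  // v2 lockfiles carry both sections; only walk the tree when "packages" is absent.
  if (!lock.packages) walk(lock.dependencies, []);
  return hits;
}

// Constructed lockfile, old (v1) layout: one nested hit, one top-level hit.
const sampleV1 = { lockfileVersion: 1, dependencies: {
  "some-tool": { version: "0.0.0",
    dependencies: { "event-stream": { version: "0.0.0" } } },
  "flatmap-stream": { version: "0.0.0" },
  "chalk": { version: "0.0.0" },
} };

// Constructed lockfile, newer (v3) layout: one nested hit.
const sampleV3 = { lockfileVersion: 3, packages: {
  "": { name: "app" },
  "node_modules/chalk": { version: "0.0.0" },
  "node_modules/some-tool/node_modules/event-stream": { version: "0.0.0" },
} };

for (const [label, lock] of [["v1", sampleV1], ["v3", sampleV3]]) {
  for (const h of findFlagged(lock)) {
    console.log(`${label}: ${h.name}@${h.version} found at ${h.via}`);
  }
}
```

Any hit means the same thing as a non-empty `npm ls` result in the tweet: the package is in the dependency tree and needs to be investigated.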