Twitter | Search | |
Jayden Seric 20 Nov 18
Battle stations! Some sort of npm package injection attack affecting nodemon and a lot of other packages:
Reply Retweet Like
Jayden Seric
I filed a report at , but after submitting it redirected to a 404 page, I got no confirmation email or anything, and there appears to be no place to track the status. Did you get it?
Reply Retweet Like More
Jayden Seric 22 Nov 18
Replying to @jaydenseric
Your project is either vulnerable to, or infected by malicious code if running `npm ls event-stream flatmap-stream` yields results:
Reply Retweet Like
Vasyl Boroviak 21 Nov 18
Replying to @jaydenseric @npmjs
Hey mate. Unrelated to the npm issue. I've sent you an email to your me@ address. Just confirming if you got it.
Reply Retweet Like
Jayden Seric 21 Nov 18
Replying to @kore_sar
Yes I did! Thanks for that, I'll reply soon :) I've had tunnel vision the last day focusing on a package update:
Reply Retweet Like