Jayden Seric Nov 20
Battle stations! Some sort of npm package injection attack affecting nodemon and a lot of other packages:
Jayden Seric
I filed a report at , but after submitting it redirected to a 404 page, I got no confirmation email or anything, and there appears to be no place to track the status. Did you get it?
Vasyl Boroviak 🐗🐃 Nov 21
Replying to @jaydenseric @npmjs
Hey mate. Unrelated to the npm issue. I've sent you an email to your me@ address. Just confirming if you got it.
Jayden Seric Nov 21
Replying to @kore_sar
Yes I did! Thanks for that, I'll reply soon :) I've had tunnel vision the last day focusing on a package update:
Jayden Seric Nov 22
Replying to @jaydenseric
Your project is either vulnerable to, or infected by malicious code if running `npm ls event-stream flatmap-stream` yields results:
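Added example, not part of the thread: a check similar to `npm ls event-stream flatmap-stream`, run against a parsed `package-lock.json` so it also works where `node_modules` is not installed (a CI checkout, an archived repository). The function name, the sample lockfile and its version strings are constructed for illustration.

```javascript
// Package names taken from the tweet above.
const WATCHED = ["event-stream", "flatmap-stream"];

// Return every lockfile entry whose package name is in `names`.
// `lock` is the parsed contents of a package-lock.json file.
function findPackages(lock, names = WATCHED) {
  const wanted = new Set(names);
  const hits = [];

  // lockfileVersion 2 and 3: flat "packages" map keyed by install path.
  const marker = "node_modules/";
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf(marker);
    if (idx === -1) continue; // the "" key is the root project itself
    const name = path.slice(idx + marker.length); // keeps "@scope/name" whole
    if (wanted.has(name)) hits.push({ name, version: meta.version, path });
  }

  // lockfileVersion 1: nested "dependencies" tree. Skipped when "packages"
  // exists, because version 2 files carry both and would be counted twice.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const here = [...trail, name];
      if (wanted.has(name)) {
        hits.push({ name, version: meta.version, path: here.join(" > ") });
      }
      walk(meta.dependencies, here);
    }
  };
  if (!lock.packages) walk(lock.dependencies, []);

  return hits;
}

// Constructed sample lockfile (placeholder versions, not real release numbers).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/nodemon": { version: "0.0.0-sample" },
    "node_modules/event-stream": { version: "0.0.0-sample" },
    "node_modules/event-stream/node_modules/flatmap-stream": { version: "0.0.0-sample" },
  },
};

for (const hit of findPackages(sampleLock)) {
  console.log(`${hit.name}@${hit.version} at ${hit.path}`);
}
```

To scan a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` to `findPackages`; a non-empty result corresponds to `npm ls` yielding results.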