by fibo 3735 days ago
Just to share, there is an issue about uglifyjs https://github.com/mishoo/UglifyJS2/issues/936
2 comments

Ironically, the same person who first reported this npm vulnerability used the wrong package name uglifyjs instead of uglify-js in an unrelated GitHub project.

https://github.com/mishoo/UglifyJS2/issues/936#issuecomment-...

https://github.com/samccone/The-cost-of-transpiling-es2015-i...

Or perhaps was it a security experiment to see how long it took someone to notice.

The uglify authors should use 'uglify' per the naming conventions and can easily reserve uglify-js and uglifyjs as empty / legacy packages.
According to the parent link they've been waiting for npm support to respond for over a month.
They filed an official dispute 11 hours ago.