by xwvvvvwx 3082 days ago
What was the root cause of the issue?
2 comments

Yes I'd be very curious to see a debrief on what the technical cause was. Thanks to the npm team for a quick weekend fix, at any rate!
We're working on a full post-mortem now. Until then we don't want to give out misleading/partial information.
Any update on the post-mortem? How long have the binaries been replaced? Is there evidence that malware was injected into the binaries?

Additionally, you should brush up on your code signing implementations. Had you signed it with a trusted code signing cert, consumers could have verified that you produced the binaries...and not a malicious user. Assuming they didn't have access to the private key material of your code signing key.

Not sure if you saw but they did post this: http://blog.npmjs.org/post/169432444640/npm-operational-inci...
Or rather: what were the contributing factors of the issue?