by no29 3084 days ago
It's beyond disingenuous and flat out dishonest for npm to say the integrity of the packages was never jeopardized. Within minutes there were reports that packages had been replaced with questionable and malicious content.

https://news.ycombinator.com/item?id=16087079

This is probably a good indication of how a much more serious security event would be treated by the organization. Just sayin'.

2 comments

At the very least, npm should explain why we can be sure the packages now offered are exactly the same as they were before the incident, if, in fact, it is in a position to make that claim.
Yeah, I have no idea how they can even pretend to claim that.