by cjbprime 3080 days ago
The last paragraph is good! The other paragraphs are bad. The two main ways they are bad are:

1) A system that detects "spam" and then allows for the complete removal of packages as if they never existed, allowing anyone to replace them, should never be described in the neutral terms used in this post. This system appears to be an existential threat to the company and project, and one of its largest mistakes. It won't take a long investigation to figure that out; it should be obvious today.

2) The claim that the security and integrity of these hijacked npm package names was not jeopardized appears to be 100% pants-on-fire false. If it is not false, I think npm's users are owed an explanation today of why it's false, rather than a bare assertion.

I know it's hard to be in the hot seat. No animosity to any of the humans involved.