by rspeer
3079 days ago
Are you saying that displaying a Bible quote, modified to refer to the fact that duplexer3 is gone, is "malicious"? I believe this was one of the cases of a community member stepping up to publish a package quickly so that malicious code wasn't published. Presumably they make the claim that none of the code was malicious because they checked.
> the integrity of these 106 packages were never jeopardized.

Are we operating with different definitions of jeopardy here? 106 packages were absolutely at risk of harm during this window. The fact that some community members stepped up is irrelevant; a bad actor could have done a lot of damage here. I think this blog post is completely disingenuous, and doesn't make me trust npm.