Hacker News
by ohitsdom 3083 days ago
It does fix the problem, although consumers of the package need to first verify they trust the original author.

For example, if Google published "Google/polymer", dependents would be unaffected if a new package was published from "badguy/polymer". I think you're saying it's still not fixed because someone could register the Google author name before the real Google gets it, but that is an understood problem across every website.