by prawks 2895 days ago
Shortly after your post, they did revoke all access tokens:

https://status.npmjs.org/incidents/dn7c1fgrr7ng

> To protect potentially compromised accounts, npm is invalidating all npm login tokens created between 2018-07-11 00:00 UTC and 2018-07-12 12:30 UTC (about 2 hours ago). If you believe your account specifically was compromised we still recommend visiting https://www.npmjs.com/settings/~/tokens to revoke all your tokens.

> Posted about 20 hours ago. Jul 12, 2018 - 16:42 UTC

Then later:

> We have now invalidated all npm tokens issued before 2018-07-12 12:30 UTC, eliminating the possibility of stolen tokens being used maliciously. This is the final immediate operational action we expect to take today.

> We will be conducting a forensic analysis of this incident to fully establish how many packages and users were affected, but our current belief is that it was a very small number. We will be conducting a deep audit of all the packages in the Registry to confirm this.

> Posted about 18 hours ago. Jul 12, 2018 - 18:52 UTC