by NoNameProvided 1845 days ago
> If that is the case, then contributors' emails are being 'leaked' without their say-so or probably knowledge

When you log in to the NPM CLI, it prints in all caps that the given email address will be public.

I don't like this either about NPM, but it's not like they are leaking it, they are upfront about it and warn you that the registered email address will be accessible to anyone in the package metadata.

1 comments

Yes, that is totally true. That's kinda what I was going for putting 'leaked' in quotes. It's not really leaked because the data is technically public. You can of course scrape it from say: https://registry.npmjs.org/react

However, it's been made significantly more accessible in a tool like this. NPM doesn't list it prominently in their UI anywhere (I believe).

So the 'leak' is up-publicizing data outside of the control of the owner, and when other, intentional (and likely better) alternatives exist.