by 88913527 1559 days ago
> If they want to publish their upstream as malware, okay.

NPM's terms explicitly disallow malware. They're free to put the raw source on, say, GitHub, but the author isn't permitted to package and distribute it on NPM.

https://docs.npmjs.com/policies/open-source-terms

1 comments

You're spot on, my mistake.

I thought the author published it via Git and some npm maintainer scraped them.

If they distributed this code to end users that's just a cyberattack.