Y
Hacker News
new
|
ask
|
show
|
jobs
by
tomabai
497 days ago
The package was published on npm, the original extension, has a private component on npm with a similar name to that package, and that the squat the attacker tried to take advantage of