by axsharma
324 days ago
> "even if they've been a malicious actor the whole time" That is a sound argument, even if the integrity of the package were to check out (if npm tracks this internally at all). Better to adopt a PyPI-style approach of temporarily "quarantining" packages while investigating allegations of malware for big-scale projects. Instead npm pulled the plug outright, stating: "This package contained malicious code and was removed from the registry..." (generic placeholder page), which is inaccurate and likely to cause panic.
https://www.npmjs.com/package/stylus