by littlecranky67
295 days ago
Nope, because the script was committed to upstream and you can review what ended in the package. It seems a lot of general "wisdom" here is thrown by people who have not looked into this particular incident or are unfamiliar with js node dev in general.

Be wary of binary wasms though, harder to analyze. In the end, because it was published and npm allows you to see the history, we can all see.
Still, from a security standpoint, anything within a “package” that is compromised, compromises the package. Don’t install it. Wait for the fix.