Y
Hacker News
new
|
ask
|
show
|
jobs
by
ezekg
82 days ago
I'd imagine the attacker published a new compromised version of their package, which the author eventually downloaded, which pwned everything else.