Hacker News
by
igregoryca
39 days ago
The baffling part is why it takes hours for the npm security team to unpublish packages that contain malware, as attested by multiple independent sources. That should be able to happen in minutes.
linkregister
39 days ago
It would take longer than minutes to validate the claims themselves.
consumer451
39 days ago
Who vets the sources, and using what scheme?
tomjen3
39 days ago
If email matches owner of repo, pull now. If not verified, ban and restore later.