HubertManne@piefed.social
on 24 Jul 14:56
nextcollapse
holy crap:
On July 19, 2025, the package's primary maintainer, John Harband, announced that versions 3.3.1 through 5.0.0 contained malware and were removed roughly 6 hours after threat actors submitted them to npm.
threaded - newest
holy crap:
On July 19, 2025, the package's primary maintainer, John Harband, announced that versions 3.3.1 through 5.0.0 contained malware and were removed roughly 6 hours after threat actors submitted them to npm.
So, is that just a ‘developer’ component, or have I got to analyse all my systems now for the NPM components in the article’s list?