davely a day ago More and more, I am thinking all my local development environments for Node / JavaScript projects need to be setup in a sandboxed VM.
dylmye a day ago The two listed collaborators of the debug package have over 700 packages published collectively, many of them with millions of weekly downloads. What could possibly go wrong when their token is compromised?
ChrisArchitect a day ago A blog post: https://www.aikido.dev/blog/npm-debug-and-chalk-packages-com... (https://news.ycombinator.com/item?id=45169657)
More and more, I am thinking all my local development environments for Node / JavaScript projects need to be setup in a sandboxed VM.
The two listed collaborators of the debug package have over 700 packages published collectively, many of them with millions of weekly downloads. What could possibly go wrong when their token is compromised?
GH issue: https://github.com/debug-js/debug/issues/1005
A blog post: https://www.aikido.dev/blog/npm-debug-and-chalk-packages-com... (https://news.ycombinator.com/item?id=45169657)
is-arrayish lmao