#clojure-europe
2021-11-06
javahippie 11:11:29

Our project got hit with this: https://www.rapid7.com/blog/post/2021/11/05/new-npm-library-hijacks-coa-and-rc … maybe relevant for some people here, too?

🙏 1
javahippie 11:11:13

I don’t know about the npm publishing workflow, but the one for the public Maven Repo is quite strict. Is npm so easy to hijack?

gklijs 20:11:15

Sometimes it’s ‘just’ a password; two-factor authentication is optional (and you also can’t see if a repo is using 2FA). Nowhere near as strict as public Maven.

gklijs 20:11:03

Seems like npm has one of those almost daily now..