undefined | Better HN

0 pointsphpnode8y ago0 comments

from the blog post:

> the integrity of these 106 packages were never jeopardized.

are we operating with different definitions of jeopardy here? 106 packages were absolutely at risk of harm during this window. The fact that some community members stepped up is irrelevant, a bad actor could have done a lot of damage here. I think this blog post is completely disingenuous, and doesn't make me trust npm.

0 comments

rspeer8y ago

I was replying to 0x0's claim, not making a broad statement about npm's policies.

0x0 claimed the code uploaded as duplexer3 was "undesirable code" and implied that it was a "malicious actor". It was completely utterly benign.

j / k navigate · click thread line to collapse

0 pointsphpnode8y ago0 comments

from the blog post:

> the integrity of these 106 packages were never jeopardized.

0 comments

rspeer8y ago

I was replying to 0x0's claim, not making a broad statement about npm's policies.

0x0 claimed the code uploaded as duplexer3 was "undesirable code" and implied that it was a "malicious actor". It was completely utterly benign.

j / k navigate · click thread line to collapse