Posts by Crstov

2 publicly visible posts • joined 7 Aug 2014

NPM not tied in knots over Yarn rival project

Crstov

Re: Doesn't fix the fundamental issue with NPM -- Security

Yep, and the maintainers refuse to take measures to rectify those types of issues because "it's too hard"...

https://github.com/npm/npm/pull/4016

Hacker crew nicks '1.2 billion passwords' – but WHERE did they all come from?

Crstov

Hold Security

Check out www.holdsecurity.com on the Wayback Machine (archive.org)

It shows their URL being active from June 2013 - but check any page link before yesterday (Aug 6).... there are no pages displayed at all.

So for over a year, the URL was valid and took you to a blank white page.... Until the story broke....

I think this is more of a PR stunt / money-making exercise rather than an actual threat; of course, I could be wrong.