Re: Doesn't fix the fundamental issue with NPM -- Security
Yep, and the maintainers refuse to take measures to rectify those types of issues because "it's too hard"...
https://github.com/npm/npm/pull/4016
2 publicly visible posts • joined 7 Aug 2014
Check out www.holdsecurity.com on the wayback machine (archive.org)
It shows their URL being active from June 2013 - but check any page link before yesterday (Aug 6)... there are no pages displayed at all.
So for over a year, the URL was valid and took you to a blank white page... until the story broke...
I think this is more of a PR stunt / money-making exercise rather than an actual threat. Of course, I could be wrong.