The Node.js packaging system is being exploited by bad guys to steal auth tokens at build time. This is the best advice they can come up with:
Always check the name of packages you’re installing. You can look at the downloads number: if a package is popular but the downloads number is low, something is wrong.
:facepalm: What a mess. Security needs to become a priority…
(tags: javascript security npm node packaging packages fail)
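The check quoted above (compare a dependency's name against well-known packages, then look at its download count) can be automated rather than done by eye. This is an added example, not code from the post or from npm; the package names, download figures and thresholds are constructed assumptions.

```javascript
// Constructed sample data: hypothetical package names and download counts.
const POPULAR = new Map([["fast-logger", 2000000], ["http-helper", 800000]]);
const DOWNLOADS = { "fast-logger": 2000000, "fastlogger": 40, "htp-helper": 15, "left-trim": 300 };
const DEPENDENCIES = ["fast-logger", "fastlogger", "htp-helper", "left-trim"];

// Levenshtein edit distance, computed with a single rolling row.
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = row[0]; // value of the cell up-left of the current one
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const up = row[j];
      row[j] = Math.min(
        up + 1,                                 // deletion
        row[j - 1] + 1,                         // insertion
        diag + (a[i - 1] === b[j - 1] ? 0 : 1)  // substitution or match
      );
      diag = up;
    }
  }
  return row[b.length];
}

// Separators are dropped so "fastlogger" and "fast-logger" compare as equal.
const normalize = (name) => name.toLowerCase().replace(/[-_.]/g, "");

// Flags a dependency that is not itself a known-popular package, yet has a
// near-identical name and a download count far below the package it resembles.
function findLookalikes(deps, popular, downloads, maxDistance = 1, ratio = 0.01) {
  const findings = [];
  for (const dep of deps) {
    if (popular.has(dep)) continue; // exact, expected name
    const count = downloads[dep] ?? 0;
    for (const [known, knownCount] of popular) {
      const distance = editDistance(normalize(dep), normalize(known));
      if (distance <= maxDistance && count < knownCount * ratio) {
        findings.push({ dep, resembles: known, distance, downloads: count });
      }
    }
  }
  return findings;
}

for (const f of findLookalikes(DEPENDENCIES, POPULAR, DOWNLOADS)) {
  console.log(`${f.dep} looks like ${f.resembles} (distance ${f.distance}, ${f.downloads} downloads)`);
}
```

The heuristic only catches lookalikes of names already on the reference list, which is the same limit the manual advice has.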