This is malware #1
Comments
Do you have any link, or source to check this claim?
Because it looks to me like I could, if I wanted, report the package.
Yeah, I'm also confused; this "Report malware" button exists pretty clearly on the package page, and this doc page says that it'll go to "the npm security team" (whoever that is)
Last couple times I went to report a security problem I got a prompt "Are you a maintainer of this package?" and I hit no, then it said go home
Oh it looks like they took it down 🎉
@qpwo thanks for creating this to raise awareness of the problem. I have been working on the problem of detecting outbound traffic for this exact scenario, and while detecting from a desktop is hard, this new GitHub Action does allow detecting and restricting outbound traffic from GitHub Actions workflows that run on GitHub-hosted runners.
Brilliant, I'll probably add a proper "tooling recommendations" section to the readme at some point and I'll add that to it
this is malware