If you're distributing something that uses this package, it's not just your dev ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		morshu9001 30 days ago \| parent \| context \| favorite \| on: Lotusbail npm package found to be harvesting Whats... If you're distributing something that uses this package, it's not just your dev computer at risk, it's all the users.

llmslave2 30 days ago [–]

I'm aware thanks, but if your company is doing the standard practice of using 10k dependencies for some JS webslop you don't really have any other options but to protect yourself.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact