[–] derram 0 points 0 points (+0|-0) ago 

https://archive.fo/nsmoR :

Cookie code compromise caper caught and crumbled • The Register

'As a result of its investigation, NPM removed the account of dustin87, associated with the malicious code, and unpublished , and . '

'Last month, it acquired ^Lift Security, the group that developed the Node Security Platform and included Baldwin. '

'However, if a developer created an Express.js application and included one of the malicious modules, that application could be accessible through the backdoor. ', "In January, NPM mistakenly removed a developer's account due to a failure to review sanctions suggested by an automated anti-spam system."

'Baldwin claims no packages published to the NPM registry incorporated the malicious modules in a way that would have allowed the backdoor to function. '

This has been an automated message.