Reply to post:

Check your repos... Crypto-coin-stealing code sneaks into fairly popular NPM lib (2m downloads per week)

JLV

Ouch. Clever, and simple, hack. Social engineering FTW.

How about an optional mechanism where an established GitHub dev can be shown to have vouched for a new maintainer? À la web of trust?

Tons of holes, yes, but better than scammers just freely trawling the owners of no-longer-maintained popular repos.
