O mantenedor escreveu um comentário no Hacker News: Hi, yep I got pwned. Sorr... · rafael

O mantenedor escreveu um comentário no Hacker News:

Hi, yep I got pwned. Sorry everyone, very embarrassing.

More info:

https://github.com/chalk/chalk/issues/656

https://github.com/debug-js/debug/issues/1005#issuecomment-3266885191

Affected packages (at least the ones I know of):

[email protected]

[email protected] (appears to have been yanked as of 8 Sep 18:09 CEST)

[email protected]

[email protected]

[email protected]

[email protected]

[email protected]

[email protected]

[email protected]

[email protected]

[email protected]

[email protected]

[email protected]

[email protected]

[email protected]

[email protected]

[email protected]

[email protected]

It looks and feels a bit like a targeted attack.

Will try to keep this comment updated as long as I can before the edit expires.

Chalk has been published over. The others remain compromised (8 Sep 17:50 CEST).

NPM has yet to get back to me. My NPM account is entirely unreachable; forgot password system does not work. I have no recourse right now but to wait.

Email came from support at npmjs dot help.

Looked legitimate at first glance. Not making excuses, just had a long week and a panicky morning and was just trying to knock something off my list of to-dos. Made the mistake of clicking the link instead of going directly to the site like I normally would (since I was mobile).

Just NPM is affected. Updates to be posted to the /debug-js link above.

Again, I'm so sorry.

E acredito que o comentário do GitHub que ele queria linkar era este.