Not sure how that would help. Anyone can publish anything to npm, it doesn't eve... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

shados on Nov 26, 2018 | parent | context | favorite | on: Backdoor in event-stream library dependency

Not sure how that would help. Anyone can publish anything to npm, it doesn't even need a repository. So unless the source code itself was hosted on npm, and the entire toolchain was controlled by npm, there's not much to do.

g-harel on Nov 28, 2018 [–]

Exactly, I think a source code browser on https://www.npmjs.com/ would be nice to have

Join us for AI Startup School this June 16-17 in San Francisco!
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact