
> Transparency is key in maintaining the trust of our community.

and yet a security incident where it was possible to publish any npm package without authentication is nine paragraphs down, and isn't alluded to at all in the page or section titles. I'm not sure that's entirely in the best spirit of transparency.




At least the details were there. It's not the best organization but they also didn't withhold anything.


Hiding it in the open isn't any better.


Wasn't it fixed years ago?


I believe it says the issue the OP is alluding to was reported and fixed on Nov 2 - two weeks ago.



