<p>Crashing out at how poorly npm (Microsoft) is handling this security incident. Eleventy is not affected any more but *lots* of other tools in the JavaScript ecosystem are!</p><p>Hours later and the compromised package versions are still public…</p><p>Maybe don’t install anything from npm today, folks.</p><p>Edit: the issue was resolved at approximately 18:30Z</p>
- Post #628
- Next September 8, 2025 at 5:11:00 PM UTC
- Previous September 8, 2025 at 4:31:00 PM UTC
- Mon, 08 Sep 2025 17:03:19 GMT — Zach Leatherman
- Original on Fediverse