About a month ago NPM was compromised. It was advised to lock versions to before the compromise.
However, one eventually needs to unlock and start getting updates again. Does anybody know if the coast is clear, or possibly a place that is tracking known compromised packages and their current status?

