npm Community Forum (Archive)

The npm community forum has been discontinued.

To discuss usage of npm, visit the GitHub Support Community.

Research for compromised packages after breach of Juli 12

After the security incident of Juli 12, I would like to know:

At the moment, I am very reluctant to run npm install in my node projects. I have to do it, but I have a bad feeling about it. The point is:


Thanks for the follow up on the eslint incident and the excellent questions. I’ve had these questions come up in some other conversations so I felt they deserved a bit of a larger audience so I posted an answer up on our blog. You can find the post here. https://blog.npmjs.org/post/176488970320/community-questions-following-the-eslint-security