In-reply-to > Security Expert Nabs Expired Domain for a Popular NPM Library's Email Address "Security consultant Lance Vick recently acquired the expired domain used by the maintainer of a widely used NPM package," reports the Register, "to remind the JavaScript community that the NPM Registry still hasn't implemented adequate security."

@slashdot@feeds.twtxt.net Another interesting summary by GPT-3:

The text describes a situation where a security consultant, Lance Vick, recently acquired the expired domain used by the maintainer of a widely used NPM package. He did this to remind the JavaScript community that the NPM Registry still hasn’t implemented adequate security. Vick argues that taking over the NPM account of a popular project to conduct a software supply chain attack continues to be too easy. Part of the problem is that JavaScript developers often use packages that implement simple functions that are either already built into the language, like forEach, or ought to be crafted manually to avoid yet another dependency, like left-pad (now built-in as padStart). These trivial packages get incorporated into other packages, which may in turn become dependencies in different packages


#54tsg7q