
core-js maintainer threatens millions of users due to new post-install ad policy - switz
https://github.com/zloirock/core-js/issues/635#issuecomment-526649749
======
0x0
With a threat like this, I think the best action going forward would be to
kick the author off of npm, and re-purpose the npm package name to a frozen-
in-time version of a clean ad-free fork of the latest release, perhaps with a
deprecation warning

------
switz
isaacs responded below and clarified that he doesn’t feel core-js is in
violation of npm’s new policy

[https://github.com/zloirock/core-
js/issues/635#issuecomment-...](https://github.com/zloirock/core-
js/issues/635#issuecomment-526792928)

ICYM npm’s new policy:
[https://news.ycombinator.com/item?id=20838078](https://news.ycombinator.com/item?id=20838078)

