Hacker News new | past | comments | ask | show | jobs | submit login

An attacker would only need to register the equivalent of the package under attack. Other packages would continue to error out harmlessly as they did before.

The maintainer-level confirmation could be of slight assistance to advanced users, but it's no panacea.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact