Hacker News new | past | comments | ask | show | jobs | submit login

You also need to report this to security@npmjs.com so they post an advisory [1] and mark the existing versions as vulnerable.

[1] - https://www.npmjs.com/advisories




Anyone, including yourself can do that.


Everyone's talking about it but nobody did it, so I did.


or, the person who should do it should do it and not rely on others to do their job for them?


it's not their job. there's a reason anyone can do it.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: