Ongoing NPM attacks #2203
davidjgraph started this conversation in General
We're aware of the NPM supply chain attack that is ongoing and have stopped all dependency updates and releases while it's ongoing.
We have Snyk and GitHub Dependabot enabled on the project. Both are showing nothing problematic, but we've had suspicious activity with a user trying to approve a PR, so we'll wait the attack out.
Our policy remains to never accept external PRs exactly for this reason; that will continue to be the case.