Loach raised a GitHub issue for the maintainers of PrismJS to unpublish these “broken” versions from npm, and this is where it gets interesting.
-
Another open-source CLI tool called updates, which checks for npm dependency updates, had to rewrite its version resolution logic to not pull the 9000.0.x versions.
-
Why? Because it was malicious. Somebody had used it to pull a successful dependency confusion attack:
-
“Now every time someone [runs] bundle update, the RubyGems gem is installed instead of ours,” said developer Adam Stankiewicz, who represents the official rails-assets.org service.