Where did these mysterious PrismJS npm versions come from?

This page summarizes the projects mentioned and recommended in the original post on dev.to

  • PrismJS

    Lightweight, robust, elegant syntax highlighting.

    Loach raised a GitHub issue for the maintainers of PrismJS to unpublish these “broken” versions from npm, and this is where it gets interesting.

  • updates

    Flexible npm and poetry dependency update tool

    Another open-source CLI tool called updates, which checks for npm dependency updates, had to rewrite its version resolution logic to not pull the 9000.0.x versions.

  • rubygems

    Library packaging and distribution for Ruby.

    Why? Because it was malicious. Somebody had used it to pull a successful dependency confusion attack:

  • RubyGems

    The Ruby community's gem hosting service.

    “Now every time someone [runs] bundle update, the RubyGems gem is installed instead of ours,” said developer Adam Stankiewicz, who represents the official rails-assets.org service.
