Our great sponsors
-
SurveyJS
Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App. With SurveyJS form UI libraries, you can build and style forms in a fully-integrated drag & drop form builder, render them in your JS app, and store form submission data in any backend, inc. PHP, ASP.NET Core, and Node.js.
Correct:
[0] -> Error: Cannot find module '/Users/me/.npm/_npx/27078/lib/node_modules/@svgr/cli/node_modules/coa/compile.js'
What happened there was that he got the broken update, 2.0.3 which just referenced and used compile.js, but didn't include the file.
Then 2.0.4 came out which included compile.js and compile.bat. Had he updated a couple of minutes later, this error would not have appeared. Not sure if /Users/ is a MacOS thing, but it is a Windows path structure, which might indicate that he was running this on Windows. And in that case he would have been compromised.
[0] https://github.com/veged/coa/issues/99
Separate advisory says the npm package "rc" is also compromised. That's also a very popular one according to the npmjs stats.
https://github.com/advisories/GHSA-g2q5-5433-rhrf
> explicitly mark which packages can run postinstall scripts
Here's an RFC on exactly that: https://github.com/npm/rfcs/discussions/80