Follow

RT @lrvick
1. Buy expired NPM maintainer email domains.
2. Re-create maintainer emails
3. Take over packages
4. Submit legitimate security patches that include package.json version bumps to malicious dependency you pushed
5. Enjoy world domination.

Sign in to participate in the conversation
Hostux.social

This service is offered by alarig.
Beer, privacy and free software lovers. Join us!