Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
typpilol
8 months ago
|
parent
|
context
|
favorite
| on:
NPM debug and chalk packages compromised
You can do some weird verify thing on your GitHub builds now when they publish to npm, but I've noticed you can still publish from elsewhere even with it pegged to a build?
But maybe I'm misunderstanding the feature
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
But maybe I'm misunderstanding the feature