npm announces leftpad2; will have malware mode

https://github.com/eslint/eslint-scope/issues/39

The maintainer whose account was compromised had reused their npm password on several other sites and did not have two-factor authentication enabled on their npm account.

Notice how they desperately try to avoid mentioning his name. Nobody may ever be responsible for anything, after all.

>>2
eh, it's normal. when the employee (or a member of a group) fucks up, there's usually internal investigation (and punishment) but they almost never publish who it was. there were plenty of large-scale data breaches in past few years and yet they never mention the guilty employee - if public scapegoat is needed, it's usually the chief of security department

>>3
I'm not a fan of that either, but this is an open-source project rather than something internal to a corporation. I'm sure people would like it if only their achievements were public, but that makes those effectively useless for evaluation. On top of that, there is: https://eslint.org/docs/about/

The project:
Is as transparent as possible

Deliberately covering up the name of the idiot who reused his npm password is not transparent at all.

I am mikotochan in that thread :3

>>5
ur gay desu

>>5

Repositories 0

Do you just use the site like a social media sie?

>>7
It makes perfect sense.
Keep your code safe in some obscure sites and use Goyhub as social network.

>>5
I started making a sao-themed irc client using that account but then I got bored.

>>7
I use it for comments on irrelevant issues.