Skip to content
This repository has been archived by the owner on Nov 10, 2022. It is now read-only.

Postmortem for malicious package publishes #495

Merged
merged 4 commits into from Jul 12, 2018
Merged

Postmortem for malicious package publishes #495

merged 4 commits into from Jul 12, 2018

Conversation

hzoo
Copy link
Member

@hzoo hzoo commented Jul 12, 2018

@jsf-clabot
Copy link

jsf-clabot commented Jul 12, 2018
edited

CLA assistant check
All committers have signed the CLA.

@eslint-deprecated eslint-deprecated bot added the triage An ESLint team member will look at this issue soon label Jul 12, 2018
platinumazure
platinumazure reviewed Jul 12, 2018
View reviewed changes
_posts/2018-07-12-postmortem-for-malicious-package-publishes.md Outdated
@@ -0,0 +1,51 @@
# Postmortem for malicious package publishes
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wondering if a date should be included here?

platinumazure
platinumazure reviewed Jul 12, 2018
View reviewed changes
_posts/2018-07-12-postmortem-for-malicious-package-publishes.md Outdated

## Attack Method

Further details on the attack can be found [here]( https://gist.github.com/hzoo/51cb84afdc50b14bffa6c6dc49826b3e).
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does the leading space in front of the URL cause an issue?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Appears to work fine

btmills
btmills suggested changes Jul 12, 2018
View reviewed changes
_posts/2018-07-12-postmortem-for-malicious-package-publishes.md
@@ -0,0 +1,51 @@
# Postmortem for Malicious Packages Published on July 12th, 2018

This comment was marked as resolved.

Sign in to view

@btmills btmills merged commit 96bb4de into master Jul 12, 2018
@platinumazure platinumazure deleted the hzoo-patch-1 branch July 12, 2018 20:37
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@platinumazure platinumazure platinumazure left review comments

@btmills btmills btmills approved these changes

@ilyavolodin ilyavolodin ilyavolodin approved these changes

@not-an-aardvark not-an-aardvark not-an-aardvark approved these changes

Assignees
No one assigned
Labels
triage An ESLint team member will look at this issue soon
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@hzoo @jsf-clabot @platinumazure @ilyavolodin @btmills @not-an-aardvark