Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Report malware on NPM #8

Open
buksy90 opened this issue Feb 11, 2023 · 1 comment
Open

Report malware on NPM #8

buksy90 opened this issue Feb 11, 2023 · 1 comment

Comments

@buksy90
Copy link

buksy90 commented Feb 11, 2023

Hi guys,

as you have all noticed, this package has most probably been compromised and the linking from npmjs is incorrect. Correct link is https://github.com/sparksuite/simplemde-markdown-editor

Please visit following page to fill a report on npmjs and ask them to update the linking to correct package :).
https://www.npmjs.com/support?inquire=security&security-inquire=malware&package=simplemde&version=1.11.2

I'd like to use this package, but I dont want to add dependency that is known to be compromised. I have already filled the report, please join me ;) .
@mlewis-everley
Copy link

Looking at the original repo, I am not 100% convinced that this is a compromised package. @nextstepwebs seems to have opened legitimate PR's for the origin repo and they have been merged.

Maybe this is an issue on NPM for some reason?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mlewis-everley @buksy90