Same pattern and same problem with malicious versions of coa and rc packages published 2021-11-04. Both versions later removed by npm, but available in public registry for ~1 hour (coa) and ~7 hours (rc).
Updated with some info on these attacks as well.
See github.com/advisories/GHSA-73qr-pf... & github.com/advisories/GHSA-g2q5-54... advisories for more details.
Are you sure you want to hide this comment? It will become hidden in your post, but will still be visible via the comment's permalink.
Hide child comments as well
Confirm
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Same pattern and same problem with malicious versions of coa and rc packages published 2021-11-04. Both versions later removed by npm, but available in public registry for ~1 hour (coa) and ~7 hours (rc).
Updated with some info on these attacks as well.
See github.com/advisories/GHSA-73qr-pf... & github.com/advisories/GHSA-g2q5-54... advisories for more details.