
Also, if all the versions are affected, this malware has been in stylus since 2010. Honestly, it sounds improbable to me that malware exists unnoticed in open source software for 15 years. However, even if improbable, it's better to play safe and just override the installation of stylus (especially if you are not using it) with an empty package until more information is released.


I agree that it seems very improbable. The only possible malicious scenario I can imagine is that the GitHub repo is clean, but npm creds have been compromised.



