The advisory says all the versions are affected ">= 0" https://github.com/adviso... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		maury91 6 months ago \| parent \| context \| favorite \| on: NPM stylus package contained malicious code and wa... The advisory says all the versions are affected ">= 0" https://github.com/advisories/GHSA-fh4q-jc76-r59p

bapak 6 months ago [–]

Once again proof that advisories are full of etc.

Stylus has been around for 15 (FIFTEEN) years. Obviously the "vulnerability" is a lie.

Npm is known to cause huge losses of money for developers and companies around the world when they pull things like this, blindly applying advisories.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact