Live updates: Shai-hulud, the most dangerous NPM breach in history

46 points posted 10 hours ago
by chha

3 Comments

bikeshaving

9 hours ago

If you’re a package maintainer, please defensively revoke all NPM and GitHub tokens. This is a worm which is still spreading and you probably don’t want to publish anything today anyways, so you might as well use this incident as an opportunity to rotate everything.