"Compromising Angular via Expired npm Publisher Email Domains" by Matthew Bryant https://thehackerblog.com/zero-days-without-incident-compromising-angular-via-expired-npm-publisher-email-domains-7kZplW4x/
Man, if there's a vulnerability in the OSS supply chain, somebody's thought of it. This one seems particularly tricky to defend against, from the registry's perspective.
@nolan
Actually, this kind of attack doesn't only depend on domain names.
Any provider (or administrator) of any mailbox of an #npm package developer might do the same.