sudo rm -rf --no-preserve-root /(@pcaversaccio):i have updated all of my actively maintained repos that use npm packages in some form to only install package versions that have been published for _at least 7 days_ (this includes transitive deps as well); 7 days is currently my hope that will be enough to catch the some-dev-account-got-compromised-and-published-something-malicious as well as the more sophisticated worm hacks. anyone who currently does not enforce a min release age for deps of at least 3 days imho is simply irresponsible.

sudo rm -rf --no-preserve-root /

@pcaversaccio

𝐖𝐨𝐫𝐤𝐢𝐧𝐠 𝐨𝐧 𝐰𝐡𝐚𝐭'𝐬 𝐧𝐞𝐱𝐭. ꟼGꟼ: 063E 966C 93AB 4356 492F E032 7C3B 4B4B 7725 111F

Joined February 2010

333 Following 32.3K Followers

sudo rm -rf --no-preserve-root /@pcaversaccio

2026.05.13 13:02

i have updated all of my actively maintained repos that use npm packages in some form to only install package versions that have been published for _at least 7 days_ (this includes transitive deps as well); 7 days is currently my hope that will be enough to catch the some-dev-account-got-compromised-and-published-something-malicious as well as the more sophisticated worm hacks. anyone who currently does not enforce a min release age for deps of at least 3 days imho is simply irresponsible.