sudo rm -rf --no-preserve-root /(@pcaversaccio):i have updated all of my actively maintained repos that use npm packages in some form to only install package versions that have been published for _at least 7 days_ (this includes transitive deps as well); 7 days is currently my hope that will be enough to catch the some-dev-account-got-compromised-and-published-something-malicious as well as the more sophisticated worm hacks. anyone who currently does not enforce a min release age for deps of at least 3 days imho is simply irresponsible.

sudo rm -rf --no-preserve-root /

@pcaversaccio

𝐖𝐨𝐫𝐤𝐢𝐧𝐠 𝐨𝐧 𝐰𝐡𝐚𝐭'𝐬 𝐧𝐞𝐱𝐭. ꟼGꟼ: 063E 966C 93AB 4356 492F E032 7C3B 4B4B 7725 111F

加入 February 2010

333 正在關注 32.3K 粉絲

sudo rm -rf --no-preserve-root /@pcaversaccio

2026.05.13 13:02

i have updated all of my actively maintained repos that use npm packages in some form to only install package versions that have been published for _at least 7 days_ (this includes transitive deps as well); 7 days is currently my hope that will be enough to catch the some-dev-account-got-compromised-and-published-something-malicious as well as the more sophisticated worm hacks. anyone who currently does not enforce a min release age for deps of at least 3 days imho is simply irresponsible.