1. Buy expired NPM maintainer email domains.
2. Re-create maintainer emails
3. Take over packages
4. Submit legitimate security patches that include package.json version bumps to malicious dependency you pushed
5. Enjoy world domination.
I just noticed "foreach" on npm is controlled by a single maintainer.
I also noticed they let their personal email domain expire, so I bought it before someone else did.
I now control "foreach" on NPM, and the 36826 projects that depend on it.
@lrvick NPM was a mistake.
@samgai @lrvick No lie.
@samgai @lrvick see also: PyPI, crates.io
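A reviewer-side check for step 4 of the list above, added here as an example and not part of the thread: it compares `package.json` before and after a proposed patch and reports every dependency that was added, removed, or re-pinned, so a version bump riding along with a "security fix" cannot go unnoticed. The function names, the package names other than `foreach`, and all version strings are constructed for illustration.

```javascript
// Added example: surface dependency changes hidden inside a patch to package.json.
const DEP_FIELDS = ["dependencies", "devDependencies", "optionalDependencies", "peerDependencies"];

// A spec that is not a plain semver range (git URL, tarball URL, alias, file path,
// user/repo shorthand) is resolved outside the normal registry version lookup.
function isNonRegistrySpec(spec) {
  return /^(git(\+\w+)?:|https?:|file:|npm:|github:)|^[\w.-]+\/[\w.-]+(#.*)?$/.test(spec);
}

// Compare two parsed package.json objects and list every dependency difference.
function diffDependencies(before, after) {
  const findings = [];
  for (const field of DEP_FIELDS) {
    const oldDeps = before[field] || {};
    const newDeps = after[field] || {};
    for (const name of new Set([...Object.keys(oldDeps), ...Object.keys(newDeps)])) {
      const from = oldDeps[name];
      const to = newDeps[name];
      if (from === to) continue;
      const kind = from === undefined ? "added" : to === undefined ? "removed" : "changed";
      findings.push({
        field, name, kind,
        from: from ?? null,
        to: to ?? null,
        nonRegistry: to !== undefined && isNonRegistrySpec(to),
      });
    }
  }
  return findings.sort((a, b) => a.name.localeCompare(b.name));
}

// One human-readable line per finding, suitable for a CI log or a review comment.
function report(findings) {
  return findings.map((f) =>
    `${f.kind.toUpperCase()} ${f.field}.${f.name}: ${f.from} -> ${f.to}` +
    (f.nonRegistry ? " [non-registry source]" : ""));
}

// Constructed sample: a patch that bumps one dependency and adds another.
const BEFORE = { name: "example-app", version: "1.4.2",
  dependencies: { foreach: "^1.0.0", "left-helper": "1.0.0" } };
const AFTER = { name: "example-app", version: "1.4.3",
  dependencies: { foreach: "^1.0.1", "left-helper": "1.0.0",
                  "new-helper": "github:someone/new-helper" } };

console.log(report(diffDependencies(BEFORE, AFTER)).join("\n"));
```
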