atomico icon indicating copy to clipboard operation
atomico copied to clipboard
verified publisher icon atomicojs

a package possibly imitating atomico

Open tamir-ben opened this issue 3 years ago • 2 comments

Hi, my name is Tamir and I'm a security researcher at Mend.io

I have noticed something strange, I would be happy to get clarifications from you.

the package https://www.npmjs.com/package/atomico-base is pretending to be atomico, while also pretending to be @UpperCod , the creator of Atomico.

image

the npm user also does not match https://www.npmjs.com/~uppercod

Thanks in advance!

tamir-ben avatar Jul 21 '22 13:07 tamir-ben

That user is not related to Atomico, but I don't think it's phishing, since the README file attached to that project is generated by the npm init atomico script.

I think user Monoharada just didn't edit the README that is attached by default.

Now, to avoid future confusion, I'll edit the README to be more nominative of a starter kit.

Thank you for your issue, I will be attentive to what you need

UpperCod avatar Jul 21 '22 13:07 UpperCod

Hi, it's been a while, but it would be nice to have your opinion, I have rewritten the Atomico Starter Kit README, I invite you to review it

https://github.com/atomicojs/base

with this we can close the issue, greetings

UpperCod avatar Aug 28 '22 15:08 UpperCod