Aviad Hahami
Aviad Hahami
@adam2k not sure myself as well, I think we can maintain this if you'd like :) @kr1sp1n - is this 100% stale on your end? if yes - would u...
Update - emailed `npm` themselves for a dispute on package name due to owner's inactivity and the security risk imposed by this
Hi @kr1sp1n, thx for the reply :) Steps needed for transfer: 1/ Change npm ownership [[howto]](https://docs.npmjs.com/transferring-a-package-from-a-user-account-to-another-user-account) [[my npm profile]](https://www.npmjs.com/~uiw4nk3r) 2/ Change GH ownership [[howto]](https://docs.github.com/en/repositories/creating-and-managing-repositories/transferring-a-repository#transferring-a-repository-owned-by-your-user-account) [[my gh profile]](https://github.com/aviadhahami/) IMO that's it....
@adam2k I'm waiting patiently 🤷♂️
@kr1sp1n almost :D I still lack permissions and get this: So, what's left to do is: 1/ give repo permissions 2/ give npm permissions (for publishing)
@kr1sp1n pinging again (so we can stop ping you
@Lecrapouille Does this mean this package is vulnerable to zipslips rn? if so - worth adding a comment about it to the readme
by rn (="right now", just to be on the safe side), I mean since https://github.com/sebastiandev/zipper/commit/e20fc3ffe6d33827d3ff4fa0e810d6a9e7955101 was merged into `master` 5 days ago.
Can confirm that the latest build is vulnerable to zipslip 🦗 ⚠️
@Lecrapouille - Ok, sounds good :) In the meantime - can we explicitly state that the package is vulnerable to zipslip? It will allow developers to put mitigations ahead of...