
Check for scopes

Open bunysae opened this issue 3 years ago • 1 comments

Description

Check for scoped packages when publishing to a private registry, as mentioned in https://github.blog/2021-02-12-avoiding-npm-substitution-attacks. When a non-scoped package is published to a private registry, np could throw a warning. I think we can win security and can avoid malicious failures, as mentioned in the blog post.

bunysae avatar Feb 18 '21 12:02 bunysae

Check what exactly? The issue description should be self-explanatory without needing to read the whole blog post.

sindresorhus avatar Feb 18 '21 15:02 sindresorhus
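One way to make the check requested in the issue description concrete, as an added example that is not np's code and does not come from either participant: warn when an unscoped package name is about to be published to a registry other than the public one. The function names, the simplified registry resolution order and the sample registry URL are assumptions made for illustration.

```javascript
// Added example; all identifiers are hypothetical, not part of np.
const PUBLIC_REGISTRY_HOST = 'registry.npmjs.org';

// Return the scope of a package name ("@acme/utils" -> "@acme"), or null if unscoped.
function parseScope(name) {
  const match = /^(@[a-z0-9~][a-z0-9._~-]*)\/[a-z0-9~][a-z0-9._~-]*$/.exec(name);
  return match ? match[1] : null;
}

// Simplified resolution (an assumption for this example): publishConfig.registry,
// then a scope-specific "@scope:registry" entry, then the configured default.
function resolvePublishRegistry(pkg, npmConfig = {}) {
  const scope = parseScope(pkg.name);
  const publishConfig = pkg.publishConfig || {};
  return (
    publishConfig.registry ||
    (scope && (publishConfig[`${scope}:registry`] || npmConfig[`${scope}:registry`])) ||
    npmConfig.registry ||
    `https://${PUBLIC_REGISTRY_HOST}/`
  );
}

// The pre-publish check: unscoped name + non-public registry => warning.
function checkScopeBeforePublish(pkg, npmConfig = {}) {
  const registry = resolvePublishRegistry(pkg, npmConfig);
  const isPrivate = new URL(registry).hostname !== PUBLIC_REGISTRY_HOST;
  if (isPrivate && parseScope(pkg.name) === null) {
    return {
      ok: false,
      registry,
      warning: `"${pkg.name}" is unscoped but would be published to ${registry}; ` +
        'consider a scoped name (@scope/name) so the name cannot collide with a public package.',
    };
  }
  return {ok: true, registry, warning: null};
}

// Constructed sample inputs (not taken from any real project).
const samples = [
  {pkg: {name: 'internal-utils', publishConfig: {registry: 'https://npm.example.internal/'}}, npmConfig: {}},
  {pkg: {name: '@acme/internal-utils'}, npmConfig: {'@acme:registry': 'https://npm.example.internal/'}},
  {pkg: {name: 'some-public-lib'}, npmConfig: {}},
];
for (const {pkg, npmConfig} of samples) {
  const result = checkScopeBeforePublish(pkg, npmConfig);
  console.log(pkg.name, result.ok ? 'ok' : `WARNING: ${result.warning}`);
}
```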