console-feed appears to have disappeared from the npm registry #124
Comments
|
I may publish up a clone to my namespace until this issue can be resolved. |
|
I contacted npm support and was told that it was unpublished:
As you can see no reason was given, so at this stage we have no clue if this was deliberate, accidental, or perhaps even a compromised account. In the mean time we have opted to fork the package, build and commit the |
|
I do not plan to do any maintenance on this repo but I have published an exact clone of version 3.5.0 to |
|
I got in touch with owner of library today and seems like account was compromised, but he's sorting this out.. So hopefully it will be republished within 24h. |
|
Yeah somehow there is a newly created access token that I presume revoked the package. The strange thing is I have 2fa on my account and use a randomised password, so I’ve no clue how this happened. I’ve changed the password and 2fa to be safe, but would like to know for certain who did this. I contacted npm support and they said I would need to file legal proceedings to get the IP addresses. I’ve scanned my MacBook for malware and haven’t found anything cause I’m very cautious |
|
I will try to republish within 24hrs |
Summary: See samdenty/console-feed#124. This is breaking our CI and lots of other things. We should hopefully be able to cleanly revert this on Monday. Reviewed By: ivanmisuno Differential Revision: D47150333 fbshipit-source-id: f34d6afdb83607c8ac2cc7fb2989ca68733798e0
|
Just checking, in here, it seems to be 25 hours since 2023-06-29T14:06:00.72 (in the message above) - any luck on the republish attempt? |
|
nope no luck yet i've just sent a message to NPM saying it's not letting me republish so that might take until the end of monday.
|
|
Any luck yet? |
|
no luck yet, I've tried email NPM support to no avail. I've tweeted something, hoping it can reach someone on the NPM team to escalate and restore all my packages retweets would be appreciated, and pinging anyone at NPM support if you know them: https://twitter.com/samddenty/status/1675871527676305408?s=46&t=BHioRA7yXyP06sjXuJYPRA |
I will use this meantime, thanks! |
|
Any luck yet @samdenty ? |
|
Is this legit? https://www.npmjs.com/package/console-feed-optimized |
* 💄 update theme * ✨ support ts * 💡 todo: common middlwares or plugins * 👽 use third party console-feed package samdenty/console-feed#124 * 📝 changeset
|
Hey, has there been any update from npm support about this? |
|
nope i've emailed them about 4 times for updates and it's still taking forever. I'm really sorry about this. I discovered that it's not possible to unpublish a package with dependents so I now don't think my account was compromised, and instead this is all NPM's fault. I'm not impressed with how long it's taking. I'll email them again with this thread |
|
It's back! https://www.npmjs.com/package/console-feed I don't know what you did @samdenty but it worked, and all previously published versions are available again ❤️ |
|
Awesome! glad this could be solved even though it took so long 😅 still would like to know what happened, will post an update here when npm support emails back i'll leave this issue open for visibility for another week then close |
https://www.npmjs.com/package/console-feed is now returning a 404. This appears to have happened within the last hour, and https://status.npmjs.org/ isn't reflecting any issues on their side
The text was updated successfully, but these errors were encountered: