atomicojs / atomico

Atomico is a micro-library for creating webcomponents using only functions, hooks and virtual-dom.
https://atomicojs.dev
MIT License
1.15k stars, 43 forks

a package possibly imitating atomico #83

Open tamir-ben opened 2 years ago

tamir-ben commented 2 years ago

Hi, my name is Tamir and I'm a security researcher at Mend.io.

I have noticed something strange, and I would be happy to get clarification from you.

The package https://www.npmjs.com/package/atomico-base is pretending to be atomico, while also pretending to be @UpperCod, the creator of Atomico.

The npm user also does not match https://www.npmjs.com/~uppercod

Thanks in advance!

UpperCod commented 2 years ago

That user is not related to Atomico, but I don't think it's phishing, since the README file attached to that project is generated by the npm init atomico script.

I think user Monoharada just didn't edit the README that is attached by default.

Now, to avoid future confusion, I'll edit the README to be more nominative of a starter kit.

Thank you for your issue. I will be attentive to what you need.

UpperCod commented 2 years ago

Hi, it's been a while, but it would be nice to have your opinion. I have rewritten the Atomico Starter Kit README, and I invite you to review it:

https://github.com/atomicojs/base

With this we can close the issue. Greetings.