meuserj closed 1 year ago
This project hasn't received any update in the last 9 years...
Anyway, @mcollina are you aware of this?
Never mind... I thought I had upgraded the package using NCU, but for some reason, it downgraded it to 0.0.3. Forcing it to install 0.1.0 pulled down the right code. Sorry about that.
I'm not sure what is going on here, but the NPM entry references this git branch and has the same documentation as here, but the code itself, when you install the package, is completely different. It is also completely incompatible. The README in the package is also identical to this, so there is no place where a code example exists that actually works with the latest version of the code. It seems that someone is updating the NPM package, but not the Git repository. This is concerning because it means that someone who has control of the NPM repository could insert malicious code without it being obvious in the git repository.
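A check for the mismatch described in this issue, as an added example that is not part of the thread or the project's code: it hashes every file in an unpacked npm tarball and in a Git checkout, then lists files that exist only in the package or whose content differs. The function names, directory layout and sample files are constructed for illustration; in practice the package tree would come from unpacking the tarball produced by `npm pack <name>@<version>`.

```javascript
const crypto = require('node:crypto');
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// Walk a directory and return Map<relative path, sha256 hex>, skipping VCS and dependency dirs.
function hashTree(root, ignore = new Set(['.git', 'node_modules'])) {
  const out = new Map();
  const walk = (dir) => {
    for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
      if (ignore.has(entry.name)) continue;
      const full = path.join(dir, entry.name);
      if (entry.isDirectory()) walk(full);
      else if (entry.isFile()) {
        const digest = crypto.createHash('sha256').update(fs.readFileSync(full)).digest('hex');
        out.set(path.relative(root, full).split(path.sep).join('/'), digest);
      }
    }
  };
  walk(root);
  return out;
}

// Files shipped in the package that are absent from, or differ from, the repository checkout.
function comparePackageToRepo(pkgDir, repoDir) {
  const pkg = hashTree(pkgDir);
  const repo = hashTree(repoDir);
  const onlyInPackage = [], changed = [];
  for (const [file, digest] of pkg) {
    if (!repo.has(file)) onlyInPackage.push(file);
    else if (repo.get(file) !== digest) changed.push(file);
  }
  return { onlyInPackage: onlyInPackage.sort(), changed: changed.sort() };
}

// Constructed sample trees standing in for an unpacked tarball and a repo checkout.
function buildSample() {
  const base = fs.mkdtempSync(path.join(os.tmpdir(), 'pkg-vs-repo-'));
  const write = (rel, text) => {
    fs.mkdirSync(path.dirname(path.join(base, rel)), { recursive: true });
    fs.writeFileSync(path.join(base, rel), text);
  };
  write('repo/README.md', '# docs\n');
  write('repo/index.js', 'module.exports = function oldApi() {};\n');
  write('package/README.md', '# docs\n');
  write('package/index.js', 'module.exports = class NewApi {};\n');
  write('package/lib/extra.js', 'module.exports = 1;\n');
  return [path.join(base, 'package'), path.join(base, 'repo')];
}
console.log(comparePackageToRepo(...buildSample()));
```

An identical README with a changed `index.js`, as in the constructed sample, is the pattern the issue describes; comparing against the Git tag that matches the installed version avoids false alarms from a version mix-up.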