Closed ankurk91 closed 6 years ago
I just noticed same issue https://github.com/npms-io/npms-www/issues/214
It seems we can send the md5 of the email to the component instead of the email. Could you do a PR with this strategy? We can use the sparkmd5 package.
Hi, The website https://npms.io is leaking all package maintainer email addresses to bots. It is visible to Google (try to search email address on google) and scrapping sites can scrap the email addresses to spam them.
You can notice email address in image tag's
alt
attribute.I know that npm requires to have a pubic email. But npm itself never expose it to pubic in that way.