First, on October 26 we identified an issue caused by routine maintenance of one of our publicly available npm services. During maintenance on the database that powers the public npm replica at replicate.npmjs.com, records were created that could expose the names of private packages.
https://github.blog/2021-11-15-githubs-commitment-to-npm-ecosystem-security/#security-issues-related-to-the-npm-registry
So this package might be indexing private repos. It is sensible to:
- Audit the packages and remove them from the history.
- Introduce code to ensure that private repos are never added to the index.