1. 28
  1.  

  2. 22

    My crazy theory is that it’s a hack by someone who had an untouchable devops script with the typo, so made the package to fix the deployment pipeline.

    But really, NPM could do a better job of protecting against names like this. The package is harmless (for now), but it’s not a stretch to imagine malware typosquatting.

    1. 9

      My crazy theory is that it’s a hack by someone who had an untouchable devops script with the typo, so made the package to fix the deployment pipeline.

      Distressingly possible.

    2. 5

      Lodash is super mad that they didn’t just name their library _ on NPM.

      1. 2

        “Why not use lodash? You might already have it as a dependency!”

        1. 1

          That’d cause a lot of confusion with Underscore though… “which fork am I installing again?”

          But it would still be pretty funny :D