1. 28
    1. 22

      My crazy theory is that it’s a hack by someone who had an untouchable devops script with the typo, so made the package to fix the deployment pipeline.

      But really, NPM could do a better job of protecting against names like this. The package is harmless (for now), but it’s not a stretch to imagine malware typosquatting.

      1. 9

        My crazy theory is that it’s a hack by someone who had an untouchable devops script with the typo, so made the package to fix the deployment pipeline.

        Distressingly possible.

    2. 5

      Lodash is super mad that they didn’t just name their library _ on NPM.

      1. 2

        “Why not use lodash? You might already have it as a dependency!”

      2. 1

        That’d cause a lot of confusion with Underscore though… “which fork am I installing again?”

        But it would still be pretty funny :D