The colors.js/faker.js incident with the maintainer intentionally sabotaging his own packages adds to the reasons why a little delay to protect your automated systems may be a good idea. By the time the package would have been allowed in your supply chain the problem is since long identified and handled by the community.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
The colors.js/faker.js incident with the maintainer intentionally sabotaging his own packages adds to the reasons why a little delay to protect your automated systems may be a good idea. By the time the package would have been allowed in your supply chain the problem is since long identified and handled by the community.