Flag npm packages in which the author name or email has recently changed
Problem to solve
Many projects depend on packages that come from unknown or unverified publishers, which introduces potential security vulnerabilities. When packages are fetched from an external registry, it is important to know whether they were recently updated under suspicious circumstances, for example a new version of a long-stable package being published by a different person than every previous version.
This occurred recently when a Bitcoin-stealing payload was found in over 700 malicious Ruby gems.
When an npm package is pulled from a remote registry, flag it and alert users if the author name or email of the newest version differs from the previous versions, so that users are aware of any suspicious changes. Two caveats for the implementation: the `author` field is free-form text copied from the package's package.json, so an attacker who has taken over a package can simply leave it unchanged; the publishing account (`_npmUser`) and the per-version `maintainers` list are populated by the registry itself and are the more reliable signal, so the check should compare those as well. A change is not proof of compromise (maintainers hand over packages and change email addresses), so the result should be an alert rather than a hard block.
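The following is an added example of the check described above, not code from GitLab or from the npm registry. It takes a package metadata document in the shape served by registry.npmjs.org (the "packument": a `versions` map whose entries carry `author`, `_npmUser` and `maintainers`, plus a `time` map of publish timestamps), orders the versions by publish time and reports every version at which the author, the publishing account or the maintainer set changed relative to the version before it. The sample packument and the names `example-widget`, `alice` and `mallory` are constructed for the example.

```javascript
// Added example: flag author / publisher / maintainer changes between
// consecutive published versions of an npm package, working on the
// packument shape served by the npm registry. No network access: the
// sample document at the bottom is constructed for this example.

// The `author` field is free-form: either "Name <email>" or an object.
// Registry-populated fields (_npmUser, maintainers entries) are objects.
function normaliseAuthor(author) {
  if (!author) return { name: "", email: "" };
  if (typeof author === "string") {
    const lt = author.indexOf("<");
    const gt = author.indexOf(">");
    if (lt === -1 || gt < lt) return { name: author.trim(), email: "" };
    return { name: author.slice(0, lt).trim(), email: author.slice(lt + 1, gt).trim() };
  }
  return { name: author.name || "", email: author.email || "" };
}

// Canonical "name <email>" string used for comparisons.
function identity(person) {
  return `${person.name} <${person.email}>`;
}

function maintainerSet(list) {
  return new Set((list || []).map((m) => identity(normaliseAuthor(m))));
}

// Order versions by publish time using the packument's `time` map, which
// avoids depending on a semver parser and follows the actual upload order.
function versionsByPublishTime(packument) {
  const time = packument.time || {};
  return Object.keys(packument.versions).sort(
    (a, b) => Date.parse(time[a] || 0) - Date.parse(time[b] || 0),
  );
}

// Returns a list of findings. Each finding names the version at which the
// change first appears and which field changed. A change in `_npmUser` or
// `maintainers` is reported even when `author` stayed the same, which is the
// case an attacker who keeps package.json untouched would otherwise hide.
function flagAuthorChanges(packument) {
  const findings = [];
  const versions = versionsByPublishTime(packument);
  for (let i = 1; i < versions.length; i++) {
    const prev = packument.versions[versions[i - 1]];
    const cur = packument.versions[versions[i]];
    const fieldChecks = [
      ["author", normaliseAuthor(prev.author), normaliseAuthor(cur.author)],
      ["_npmUser", normaliseAuthor(prev._npmUser), normaliseAuthor(cur._npmUser)],
    ];
    for (const [field, before, after] of fieldChecks) {
      if (identity(before) !== identity(after)) {
        findings.push({ version: versions[i], field, from: identity(before), to: identity(after) });
      }
    }
    const before = maintainerSet(prev.maintainers);
    const after = maintainerSet(cur.maintainers);
    const added = [...after].filter((m) => !before.has(m));
    const removed = [...before].filter((m) => !after.has(m));
    if (added.length || removed.length) {
      findings.push({ version: versions[i], field: "maintainers", added, removed });
    }
  }
  return findings;
}

// Constructed sample packument (not real registry data). 1.0.1 only changes
// the *form* of the author field; 1.1.0 keeps `author` but is published by a
// new account that was also added as a maintainer.
const SAMPLE_PACKUMENT = {
  name: "example-widget",
  "dist-tags": { latest: "1.1.0" },
  time: {
    "1.0.0": "2020-01-10T00:00:00Z",
    "1.0.1": "2020-02-01T00:00:00Z",
    "1.1.0": "2020-03-15T00:00:00Z",
  },
  versions: {
    "1.0.0": {
      author: "Alice Example <alice@example.org>",
      _npmUser: { name: "alice", email: "alice@example.org" },
      maintainers: [{ name: "alice", email: "alice@example.org" }],
    },
    "1.0.1": {
      author: { name: "Alice Example", email: "alice@example.org" },
      _npmUser: { name: "alice", email: "alice@example.org" },
      maintainers: [{ name: "alice", email: "alice@example.org" }],
    },
    "1.1.0": {
      author: { name: "Alice Example", email: "alice@example.org" },
      _npmUser: { name: "mallory", email: "mallory@example.net" },
      maintainers: [
        { name: "alice", email: "alice@example.org" },
        { name: "mallory", email: "mallory@example.net" },
      ],
    },
  },
};

if (typeof require !== "undefined" && require.main === module) {
  console.log(JSON.stringify(flagAuthorChanges(SAMPLE_PACKUMENT), null, 2));
}
```

On the sample data the check reports nothing for 1.0.1 (same identity, different encoding of the `author` field) and two findings for 1.1.0: the publishing account changed from `alice` to `mallory`, and `mallory` was added to the maintainers. Run against a real package, the packument would be fetched from the registry (e.g. `https://registry.npmjs.org/<name>`) before being passed to `flagAuthorChanges`.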
Permissions and Security
- No permission changes are required for this change
Availability & Testing
What does success look like, and how can we measure that?
Success looks like users being alerted before a package whose author, publishing account or maintainer set has changed enters their codebase, and fewer malicious packages from external registries being pulled in as a result.