Important note: there should be nothing to worry about on your system unless perhaps it was freshly built (including Angular / npm steps) today.
It looks like there’s been a compromise of some npm packages used when building Eg. The site below has more details but the upshot is that it should only affected builds done today, the affected code doesn’t appear to run on servers, and is already being cleaned up. To be on the safe side I’d waste both node_modules (opac/deps and eg2) dirs from any repos touched today and fresh builds made for any releases made or dev systems updated today. https://fasterthanli.me/articles/color-npm-package-compromised https://cyberplace.social/@GossiTheDog/115169390397282254 Jason -- Jason Boyer Senior System Administrator Equinox Open Library Initiative [email protected] +1 (877) Open-ILS (673-6457) https://equinoxOLI.org/
_______________________________________________ Evergreen-dev mailing list -- [email protected] To unsubscribe send an email to [email protected]
