Jordan Harband
Heads up that v3.3.1 of https://npmjs.com/is has malware in it, due to another maintainer’s account being hijacked. They’re removed for now, v3.3.0 is set at latest, v3.3.1 is deprecated, and a v3.3.2 will be published once I’m not on my phone (thx @github codespaces)
is

the definitive JavaScript type testing library. Latest version: 3.3.0, last published: 7 years ago. Start using is in your project by running `npm i is`. There are 638 other projects in the npm registry using is.

npm
Jul 19, 2025 at 6:24pmMastodon for iOS
Show threadJordan HarbandJul 19, 2025
also, v5.0.0, which got the same treatment. I assume this was from a pre-existing session and one of npm’s publish servers hadn’t caught up yet - tokens are disallowed (on virtually all my packages)