Note: the situation is still unfolding; I’ll update this article as more comes in.
On September 8, 2025, around 13:00 UTC, someone compromised Josh Junon’s npm account (qix) and started publishing b...
@fasterthanlime RE: the unresponsiveness of npm, I noticed that there's not really a way of reporting *failed* phishing attempts mentioned on the site either.