
That was my first thought. But then I realized some guy basically broke something so his stuff would work and someone else's wouldn't. He didn't destroy files, but that was malicious as hell.


mean spirited and dramatic as hell, yes... also, a bad place where real "malicious" things could be done. but "malicious" has a specific meaning and this didn't affect users.

more like dramaticious if you ask me... but also uncovers actual dangerous weaknesses in the npm delivery pipeline...


it's kinda like a cat-fight in the one hundred acre javascript wood... pretty harmless, nobody's shit got pwned, but holy shit, kind of a vulnerable vector they found...



