You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Someone has been emailing me from tonymobily@gmail.com asking for write and publish access to the repo and npm module.
I don't even know if I still have access, but in light of recent events, and considering that I don't know the person personally, I've said no - he can PR and we'll review it, and he's persisted that he wants write and publish access.
I just want to document that here because I don't know if it's the real Tony Mobily or not, and it seems that kind of conversation should have come up as an issue first - and I don't see any activity from him here.
My suggestion is that we don't give anyone new access as this is an obvious target for supply chain vulnerability and anyone writing new code should probably be using the path functions available via new URL(), in most cases.
The text was updated successfully, but these errors were encountered:
Someone has been emailing me from tonymobily@gmail.com asking for write and publish access to the repo and npm module.
I don't even know if I still have access, but in light of recent events, and considering that I don't know the person personally, I've said no - he can PR and we'll review it, and he's persisted that he wants write and publish access.
I just want to document that here because I don't know if it's the real Tony Mobily or not, and it seems that kind of conversation should have come up as an issue first - and I don't see any activity from him here.
My suggestion is that we don't give anyone new access as this is an obvious target for supply chain vulnerability and anyone writing new code should probably be using the path functions available via
new URL(), in most cases.The text was updated successfully, but these errors were encountered: