
1369 points | universesquid | 1 comments
hnquestion10987 No.45171839
I'm a little confused after reading everything. I have an Expo app and if I run `npm audit`, I get the notification about `simple-swizzle`.

The GitHub page (https://github.com/advisories/GHSA-hfm8-9jrf-7g9w) says to treat the computer as compromised. What does this mean? Do I have to do a full reset to be sure? Should I avoid running the app until the version is updated?

1. herpdyderp No.45176441
The advisories on GitHub were/are weird for several reasons:

1. The version matching was wrong (now fixed).

2. The warning message is (still) exaggerated, imo, though I understand why they’d pass the liability downstream by doing so.