npm ‘accidentally’ removes Stylus package, breaks builds and pipelines

The npm registry accidentally removed all versions of the legitimate Stylus library, disrupting countless projects that rely on it. The incident highlights the risks of such administrative errors and the procedures for restoring access afterwards.

Key points

  • npm removed all versions of the Stylus package and replaced it with a security placeholder page.
  • The removal was an accidental administrative error, not due to malicious code in Stylus.
  • Stylus was removed because of account bans that hit a maintainer linked to malicious packages.
  • Developers relying on Stylus experienced build failures and pipeline disruptions.
  • Workarounds include referencing the package directly from GitHub or using dependency overrides in package.json.
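
As an added example (not from the article or from npm), the following JavaScript checks an npm lockfile for copies of an affected package, lists what depends on it, and builds the package.json fragment for the override workaround. The lockfile contents, the `demo-loader` package, the version numbers and the `github:OWNER/REPO#TAG` spec are constructed placeholders.

```javascript
// Added example; sampleLock is constructed (demo-loader, all versions and the
// git spec placeholder are illustrative, not taken from the article).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', devDependencies: { 'demo-loader': '^1.0.0' } },
    'node_modules/demo-loader': {
      version: '1.0.0',
      resolved: 'https://registry.npmjs.org/demo-loader/-/demo-loader-1.0.0.tgz',
      dependencies: { stylus: '^0.0.1' },
    },
    'node_modules/stylus': {
      version: '0.0.1',
      resolved: 'https://registry.npmjs.org/stylus/-/stylus-0.0.1.tgz',
    },
  },
};
const DEP_FIELDS = ['dependencies', 'devDependencies', 'optionalDependencies'];

// Every installed copy of `name` in the lockfile, hoisted or nested.
function findCopies(lock, name) {
  const tail = 'node_modules/' + name;
  return Object.entries(lock.packages || {})
    .filter(([path]) => path === tail || path.endsWith('/' + tail))
    .map(([path, meta]) => ({
      path,
      version: meta.version,
      fromRegistry: (meta.resolved || '').startsWith('https://registry.npmjs.org/'),
    }));
}

// Lockfile paths of packages that declare `name`; '' is the root project.
function findDependents(lock, name) {
  return Object.entries(lock.packages || {})
    .filter(([, meta]) => DEP_FIELDS.some((f) => meta[f] && name in meta[f]))
    .map(([path]) => path);
}

// package.json fragment to merge: a direct dependency is repointed in its own field
// (npm requires an override of a direct dependency to match its spec, hence "$name");
// a transitive-only dependency needs just the override.
function planWorkaround(lock, name, spec) {
  const root = (lock.packages || {})[''] || {};
  const field = DEP_FIELDS.find((f) => root[f] && name in root[f]);
  if (!field) return { overrides: { [name]: spec } };
  return { [field]: { [name]: spec }, overrides: { [name]: '$' + name } };
}
```

Pin the git spec to a commit or tag you have reviewed, and remove the override once the registry copy is restored so the lockfile's integrity hashes apply again.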

Read More: https://www.bleepingcomputer.com/news/security/npm-accidentally-removes-stylus-package-breaks-builds-and-pipelines/