A Major Bank Accidentally Published Private Code to the Public NPM Registry

12th March 2019

Laurie Voss, a co-founder and Chief Data Officer of NPM (a package manager for JavaScript, and a huge database of public and private JavaScript packages), had an interesting story to tell on Twitter:

My first reaction was something akin to "How the hell do you do this by mistake?". Surely publishing a package to NPM has just enough friction that you don’t publish private IP to a public repository.

You also have to keep in mind that NPM have supported private repositories since 2014, and also offer a full enterprise solution already, NPM Enterprise.
