A Major Bank Accidentally Published Private Code to the Public NPM Registry

12th March 2019

Laurie Voss, a co-founder and Chief Data Officer of NPM (a package manager for JavaScript, and a huge database of public and private JavaScript packages), had an interesting story to tell on Twitter:

My first reaction was something akin to "How the hell do you do this by mistake?". Surely publishing a package to NPM has just enough friction that you don’t publish private IP to a public repository.

You also have to keep in mind that NPM have supported private repositories since 2014, and already offer a full enterprise solution, NPM Enterprise.

By Chris Hannah.
