browserify/resolve

Used monorepo-symlink-test is malicious

ThomazPom opened this issue · 1 comment

Hello
This file is using monorepo-symlink-test which is a malicious package described here

Could you please remove this file which seems useless?

Thank you

ljharb commented

Because it's a private package that just coincidentally has the same name as the malicious one, it is a false positive - so whatever tool is flagging this repo is broken, and you should strongly reconsider using a tool that is this naive about npm package names.

Duplicate of #303. Duplicate of #291. Duplicate of #288. Duplicate of #304. Duplicate of #305. Duplicate of #306. Duplicate of #309. Duplicate of #310. Duplicate of #311. Duplicate of #312.

It’s not useless; tests must be shipped with packages so that npm explore foo && npm install && npm test always works.
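
Added example, not part of the original thread or of the resolve project's code: one way a scanner can separate a manifest that merely declares a flagged name for itself from one that would pull that name from the registry. The `FLAGGED` list, the verdict labels, the function names and the sample manifest are constructed for illustration.

```javascript
// Constructed advisory list for this example; a real scanner loads its own feed.
const FLAGGED = new Set(['monorepo-symlink-test']);
const DEP_FIELDS = ['dependencies', 'devDependencies',
  'optionalDependencies', 'peerDependencies'];

// Specs that point at local files or a workspace are not fetched from the registry.
function isLocalSpec(spec) {
  return /^(file:|link:|workspace:|\.{1,2}\/)/.test(spec);
}

// "alias": "npm:real-name@range" installs real-name under a different key.
function registryName(dep, spec) {
  const alias = /^npm:((?:@[^/]+\/)?[^@]+)/.exec(spec);
  return alias ? alias[1] : dep;
}

function classify(manifest) {
  const findings = [];
  // Case 1: the manifest's own "name" matches. With "private": true, npm
  // publish refuses it, so it is a local package that shares the name.
  if (FLAGGED.has(manifest.name)) {
    findings.push({
      name: manifest.name,
      via: 'self',
      verdict: manifest.private === true ? 'name-collision' : 'review',
    });
  }
  // Case 2: the manifest depends on the flagged name.
  for (const field of DEP_FIELDS) {
    for (const [dep, rawSpec] of Object.entries(manifest[field] || {})) {
      const spec = String(rawSpec);
      if (isLocalSpec(spec)) {
        if (FLAGGED.has(dep)) {
          findings.push({ name: dep, via: field, verdict: 'local-reference' });
        }
        continue;
      }
      const name = registryName(dep, spec);
      if (FLAGGED.has(name)) {
        findings.push({ name, via: field, verdict: 'registry-dependency' });
      }
    }
  }
  return findings;
}

// Constructed sample: a private test fixture that only shares the name.
console.log(classify({ name: 'monorepo-symlink-test', private: true }));
```

Only the `registry-dependency` verdict means the flagged package would be installed; `review` marks a non-private manifest with the flagged name, which needs a look at where the file came from.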