Popular npm library 'coa' was hijacked today with malicious code injected into it, ephemerally impacting React pipelines around the world. The 'coa' library, short for Command-Option-Argument, receives about 9 million weekly downloads on npm, and is used by almost 5 million open source repositories on GitHub.
I hope this doesn’t mean anything bad for Lemmy. 😖
According to the yarn.lock file for Lemmy’s official webclient, coa is not a dependency so it’s highly unlikely we’re affected!
That’s a relief