this release fixes a vulnerability reported 10 years ago<p><a href="https:&#x2F;&#x2F;www.kb.cert.org&#x2F;vuls&#x2F;id&#x2F;319816" rel="nofollow">https:&#x2F;&#x2F;www.kb.cert.org&#x2F;vuls&#x2F;id&#x2F;319816</a>

Hahaha that&#x27;s amazing, just a big red &quot;RETIRED&quot; badge above their blog post? What the hell

I hope GitHub changes their vibecoded badges, what does RETIRED even signify in this context? Why does the preview have to be in ominous red?

They should have added a 1-day age limit by default, so security scanners have some time.

Most people know this but the _real_ reason it explains things is that GitHub is owned by Microsoft. Oh, and Microsoft moved GitHub to Azure

didn&#x27;t  know npm was owned by github..
 well, that explains things...

Ok? Not sure what a package manager can do about the fact that eventually you want to run the things you install.

Better than nothing. That’s the same problem every package manager has.

Looks good? But doesn&#x27;t this just change the compromise window from first installation to first run?