Thanks for the alert about this Antranig.
It is probably a good time to setup two-factor authentication for our npm
accounts, for those that haven’t already.
https://docs.npmjs.com/getting-started/using-two-factor-authentication
Thanks
Justin
On July 13, 2018 at 8:03:11 AM, Antranig Basman (
Our project policy has for some time been to only permit exact versions to appear in project dependencies
listed in package.json - this is at odds with most industry recommendations, and also the action of several
automated tools, to allow open semver ranges of the form "~3.7.1".
As it turns
