So by "Just NPM is affected" does that mean yarn is unaffected? | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		svendroevskaeg 3 months ago \| parent \| context \| favorite \| on: NPM debug and chalk packages compromised So by "Just NPM is affected" does that mean yarn is unaffected?

junon 3 months ago [–]

No, anything that connects to npm as an authoritative source for packages. Yarn, pnpm, and npm clients all do.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact