- The incident was detected on Friday, October 22.
- According to its official site, the library is used by companies such as Facebook, Apple, Amazon, Microsoft, Slack, IBM, HPE, Dell, Oracle, Mozilla, Shopify, Reddit, and many of Silicon Valley’s elites.
- The library also regularly sees between 6 million and 7 million weekly downloads, according to its npm page.
- Compromised versions: 0.7.29, 0.8.0, 1.0.0
- Patched versions: 0.7.30, 0.8.1, 1.0.1
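The version lists above can be turned into a lockfile check. The following is an added example, not code from the original page or from the library's maintainers: it reports every place a parsed `package-lock.json` pins the package to a compromised version, including transitive copies, and names the patched version to move to. The package name is supplied by the caller; `example-lib`, `my-app`, `tool` and both sample lockfiles are constructed placeholders.

```javascript
// Added example. Version pairs (compromised -> patched) come from the list above.
const PATCHED_FOR = new Map([['0.7.29', '0.7.30'], ['0.8.0', '0.8.1'], ['1.0.0', '1.0.1']]);

// Return every place an npm lockfile pins `pkgName` to a compromised version.
// `lock` is the parsed file: JSON.parse(fs.readFileSync('package-lock.json', 'utf8')).
function findCompromised(lock, pkgName) {
  const hits = [];
  const check = (name, version, where) => {
    if (name === pkgName && PATCHED_FOR.has(version)) {
      hits.push({ where, version, upgradeTo: PATCHED_FOR.get(version) });
    }
  };
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path.
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === '') continue; // root project entry, not a dependency
      check(meta.name || path.split('node_modules/').pop(), meta.version, path);
    }
  } else {
    // lockfileVersion 1: nested "dependencies" tree, transitive copies included.
    const walk = (deps, trail) => {
      for (const [name, meta] of Object.entries(deps || {})) {
        check(name, meta.version, [...trail, name].join(' > '));
        walk(meta.dependencies, [...trail, name]);
      }
    };
    walk(lock.dependencies, []);
  }
  return hits;
}

// Constructed sample data; "example-lib" is a placeholder package name.
const sampleV3 = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'my-app', version: '1.0.0' },
    'node_modules/example-lib': { version: '0.7.30' },
    'node_modules/tool/node_modules/example-lib': { version: '0.8.0' },
  },
};
const sampleV1 = {
  lockfileVersion: 1,
  dependencies: {
    tool: { version: '2.1.0', dependencies: { 'example-lib': { version: '1.0.0' } } },
  },
};
console.log(findCompromised(sampleV3, 'example-lib'), findCompromised(sampleV1, 'example-lib'));
```

A clean lockfile only shows what is pinned now; a host that installed a compromised version earlier still needs to be treated as affected.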