I think I'm just going to vibe code bespoke everything from now on and just block npmjs.com. I always knew it was incredibly insecure to just download shit but didn't have an alternative until now.
nader dabit (@dabit3)
This is crazy. The hacker installed a dead-man's switch that will wipe your computer if you revoke the GitHub token they stole from you. Revoking the token is what triggers the wipe.
— https://nitter.net/dabit3/status/2053956743621648789#m