[Announce]: Cautionary note re: incorporating fixes/features #2547
Description
🔎 Search Terms
slow accept pull requests maintained
The problem
FYI, there are active attacks attempting to get malware into popular npm packages, especially logging utilities. Though it seems the primary strategy is to make new malicious packages instead of attacking existing ones, you may see maintainers here being even slower than our usual slow to merge pull requests. Apologies in advance!