npm has taken down the Stylus library, replacing it with a security holding page, disrupting various builds worldwide. Stylus, which is actively used and downloaded millions of times weekly, was flagged incorrectly as a malicious package. Developer Lei Chen confirmed that this was an accident and that he awaits restoration of the library. The situation has led to failures in software updates for many developers relying on Stylus and its associated frameworks.
npm has taken down all versions of the real Stylus library and replaced them with a 'security holding' page, breaking pipelines and builds worldwide that rely on the package.
Stylus was accidentally banned by npmjs, states Stylus developer Lei Chen in a GitHub issue. The project maintainer is currently waiting for npmjs to restore access to Stylus.
I am the current maintainer of Stylus. The Stylus library has been flagged as malicious, which has caused many libraries and frameworks that depend on Stylus to fail to install.
My builds are failing so my software updates don't publish because of this administrative error, posted one developer.
Collection
[
|
...
]