| ▲ | esseph 4 days ago | |||||||
> Always use password manager to automatically fill in your credentials Absolutely not. https://www.malwarebytes.com/blog/news/2025/08/clickjack-att... https://thehackernews.com/2025/08/dom-based-extension-clickj... https://www.intercede.com/the-dangers-of-password-autofill-a... | ||||||||
| ▲ | darthwalsh 2 days ago | parent [-] | |||||||
What's more likely, the real npm site has a subdomain with XSS (IIRC the issue you linked) or you are manually filling your password into a phishing site? There's strong evidence that the latter is a more common concern. | ||||||||
| ||||||||