Hey people,

NPM ecosystem is in chaos due to massive supply chain attacks
https://socket.dev/blog/npm-author-qix-compromised-in-major-supply-chain-attack
https://socket.dev/blog/tinycolor-supply-chain-attack-affects-40-packages

Layered defense

I've taken pre-emptive actions to make sure vue-stripe-js remains safe

• 2FA enabled (since day 1)
• deleted all npm tokens (better safe than sorry)
• raised my awareness about phishing (not clicking email links)
• I use password manager (never entering credentials manually)
• only manual publishing
• no secrets in github actions