allow-scripts-pin 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/README.md +26 -0
  2. package/package.json +10 -0
package/README.md ADDED
@@ -0,0 +1,26 @@
1
+ # allow-scripts-pin
2
+
3
+ **Placeholder package — name reservation only.**
4
+
5
+ This package intentionally contains no code. It exists solely to reserve the
6
+ name `allow-scripts-pin` on the registry so it cannot be used for an npm
7
+ **argument-confusion** attack.
8
+
9
+ ```
10
+ npm install some-package allow-scripts-pin # typo — no "--"
11
+ ```
12
+
13
+ ## What it does
14
+
15
+ Nothing. There are:
16
+
17
+ - no dependencies
18
+ - no install/lifecycle scripts (`preinstall`, `postinstall`, …)
19
+ - no `bin` entries
20
+ - no `main` / no importable code
21
+
22
+ Installing or requiring it has no effect.
23
+
24
+ ## Adopting this name
25
+
26
+ If you have a legitimate use for the `allow-scripts-pin` name, feel free to reach out.
package/package.json ADDED
@@ -0,0 +1,10 @@
1
+ {
2
+ "name": "allow-scripts-pin",
3
+ "version": "1.0.0",
4
+ "description": "Placeholder package reserving this name to prevent npm argument-confusion squatting.",
5
+ "keywords": [
6
+ "placeholder",
7
+ "security"
8
+ ],
9
+ "license": "MIT"
10
+ }