First of all, thanks a lot for your work on this library! Recently, the GitHub project of qr.js (linked by npm) has been compromised and points to an empty repo.
There's another repo that contains the original code (AFAICT) linked here and it seems to be the same author.
Not sure what the best practice is here. Off the top of my head, in descending order security-wise: either link directly to the second GitHub repo in your package.json, fork the repo under your account, or even vendor in the minified version of qr.js and include it in your library.
Cheers!