Malicious Packages Targeting Roblox API Users

Honestly, I was not expecting this announcement. Well done Roblox! :+1:

Do this more often.

5 Likes

Can someone explain in layman’s terms?

6 Likes

So… how do we identify if we installed the malicious version?

4 Likes

Use npm list and if a package that shows up is in the list they provided, congrats

6 Likes

Sorry… what is NPM list?
And where to find it?
Would like to know what to look for as well.

6 Likes

This is insane, I never thought that people would use an open-sourced api-communicator JavaScript package to perform really malicious activities on your personal device / server.

Thank you Roblox for keeping us safe! :+1:

6 Likes

If you don’t know what npm list is (or really the npm ecosystem itself), you’re fine

9 Likes

Yea I guess, but they didn’t even announce their own data breach (a while ago) as far as I know.

7 Likes

I’m not sure if this is related, but today I’ve had an unauthorized trade where I lost all my expensive limited items, there were no verification requests from the Authy app and the trade just appears in the completed trades log.

Edit: I’ve filed a support ticket and am hoping to receive my items back.
Edit2: Successfully retrieved my items back after contacting Roblox Support and disabled my trades completely to prevent this from happening again. A big thank you to the Roblox Support team :hearts:

6 Likes

Glad that I don’t think I’ve installed this API otherwise my computer would have had some major problems. Thanks for letting us know!

5 Likes

Thank you for the post and awareness.

3 Likes

I definitely agree, do not download programs from untrusted sources, e.g. only download Roblox (both Studio and Player) from the official Roblox. Do not download Roblox from unverified sources who are pretending to be real Roblox people.
