[SECURITY] `coa` is compromised

[Josh-Cena]

The coa package is compromised. Do NOT run install on your computer before there's a fix. The CI checks on our repo are failing because of this.

See the diff: https://my.diffend.io/npm/coa/2.0.2/2.0.4

And the issue: veged/coa#99

[Josh-Cena]

The problematic versions are taken down. Quick action from NPM 👍

[slorber]

😓 is this going to happen evrey week now

[Josh-Cena]

😓 is this going to happen evrey week now

Until NPM requires 2FA for popular packages :D

FYI the two hacks are initiated by the exact same person

[josh-kaplan]

It does look like this one only impacted Windows users (veged/coa#99)