This content originally appeared on DEV Community and was authored by Voltra
Ladies and gentlemen, the fact that I have to talk politics 3 times in less than 3 months is an aberration in itself.
RIAEvangelist, the maintainer of node-ipc, self-sabotaged it by using the malware-like package peacenotwar. Not only that, it also sabotages npm developers (including, but not limited to, Vue CLI users) in order to "protest" the invasion of Ukraine. Not only that, it can also delete files based on a random if your IP is geolocated anywhere in Russia.
This attitude of developers to "do whatever the fuck we want" has to stop. We have all the power but none of the responsibility. Many were fine when fakerjs (and colors) was self-sabotaged because its author expected payment without asking for it.
Life does have a sense of humor though: I've been working on an Oath for all scientists for 2 weeks now. I didn't plan on revealing it until it was finalized, but it looks like it might actually be interesting. It's not done yet, but feel free to have a look around.
Additional links:
- Discovery of the malware
- CVE-2022-23812
- Wayback Machine link to commit introducing peacenotwar
- Wayback Machine link to peacenotwar main source
- Stop mixing science and politics
- How attacks on Ukraine showed us how fragile the deontology of the tech world is
Voltra | Sciencx (2022-03-17T18:51:37+00:00) Fakerjs, colors, node-ipc… Why developers cannot be trusted. Retrieved from https://www.scien.cx/2022/03/17/fakerjs-colors-node-ipc-why-developers-cannot-be-trusted/