The authors of node-ipc have pushed malware in an update, which wipes your disk if you happen to have Russian or Belorussian IP address. This affects some large projects [@bantg, Twitter]

@TheAnonymouseJoker@lemmy.ml · 2 years ago

The authors of node-ipc have pushed malware in an update, which wipes your disk if you happen to have Russian or Belorussian IP address. This affects some large projects [@bantg, Twitter]

@priapus@sh.itjust.works · 9 months ago

It does not actually wipe your disk, it just places a file on the users desktop. It seems the author originally wanted to wipe the users disk, but decided against it. Shit like this is a great reason to always pin your dependencies and do your research before upgrading them.

@isleofmist@lemmy.ml · 2 years ago

This is terrible and node-ipc should not have done this. It’s shameful conduct by node-ipc authors.

@AgreeableLandscape@lemmy.ml · 2 years ago

“We hate your government, not you. So we’re going to screw you over just for being in a specific place.”

@jxk@sh.itjust.works · 9 months ago

@murtaza64@programming.dev · 9 months ago

In the statement from the NGO they threaten legal action. Is there grounds/precedent for such a thing? Don’t you use open source code at your own risk?

Kerb · 9 months ago

im of course not a lawyer,
but id expect that there might be a diffrence between stuff breaking or not working as expected, and what sounds like intentional sabotage

The authors of node-ipc have pushed malware in an update, which wipes your disk if you happen to have Russian or Belorussian IP address. This affects some large projects [@bantg, Twitter]

The authors of node-ipc have pushed malware in an update, which wipes your disk if you happen to have Russian or Belorussian IP address. This affects some large projects [@bantg, Twitter]

banteg (@bantg)