The authors of node-ipc have pushed malware in an update, which wipes your disk if you happen to have Russian or Belorussian IP address. This affects some large projects [@bantg, Twitter]

murtaza64, 10 months ago

In the statement from the NGO they threaten legal action. Is there grounds/precedent for such a thing? Don’t you use open source code at your own risk?

TheAnonymouseJoker, 10 months ago

Node-ipc is used in way too many places.

Kerb, 10 months ago

im of course not a lawyer,
but id expect that there might be a diffrence between stuff breaking or not working as expected, and what sounds like intentional sabotage

priapus, 10 months ago

It does not actually wipe your disk, it just places a file on the users desktop. It seems the author originally wanted to wipe the users disk, but decided against it. Shit like this is a great reason to always pin your dependencies and do your research before upgrading them.

TheAnonymouseJoker, 10 months ago

Pretty sure the author decided to do it in the first place. That moron is the reason why I hesitate to install LITERALLY ANY NPM PACKAGE now.

jxk, 10 months ago

Lol

isleofmist, 2 years ago

This is terrible and node-ipc should not have done this. It’s shameful conduct by node-ipc authors.

AgreeableLandscape, 2 years ago

“We hate your government, not you. So we’re going to screw you over just for being in a specific place.”