The authors of node-ipc have pushed malware in an update, which wipes your disk if you happen to have Russian or Belorussian IP address. This affects some large projects [@bantg, Twitter]

murtaza64, 9 months ago

In the statement from the NGO they threaten legal action. Is there grounds/precedent for such a thing? Don’t you use open source code at your own risk?

TheAnonymouseJoker, 9 months ago

Node-ipc is used in way too many places.

Kerb, 9 months ago

im of course not a lawyer,
but id expect that there might be a diffrence between stuff breaking or not working as expected, and what sounds like intentional sabotage

priapus, 9 months ago

It does not actually wipe your disk, it just places a file on the users desktop. It seems the author originally wanted to wipe the users disk, but decided against it. Shit like this is a great reason to always pin your dependencies and do your research before upgrading them.

TheAnonymouseJoker, 9 months ago

Pretty sure the author decided to do it in the first place. That moron is the reason why I hesitate to install LITERALLY ANY NPM PACKAGE now.

jxk, 9 months ago

Lol

isleofmist, 2 years ago

This is terrible and node-ipc should not have done this. It’s shameful conduct by node-ipc authors.

AgreeableLandscape, 2 years ago

“We hate your government, not you. So we’re going to screw you over just for being in a specific place.”