Hacker News
- NPM package compromised by author: erases files on RU / BY computers on install https://snyk.io/blog/peacenotwar-malicious-npm-node-ipc-package-vulnerability/ 164 comments
Lobsters
- Alert: peacenotwar module sabotages npm developers in the node-ipc package to protest the invasion of Ukraine https://snyk.io/blog/peacenotwar-malicious-npm-node-ipc-package-vulnerability/ 20 comments security
- Node.js library updated to overwrite all files and leave anti-war messages for users with Russian and Belarussian IPs https://snyk.io/blog/peacenotwar-malicious-npm-node-ipc-package-vulnerability 66 comments programming
- NPM supply chain attack: node-ipc and peacenotwar sabotaged as an act of protest by the maintainer https://snyk.io/blog/peacenotwar-malicious-npm-node-ipc-package-vulnerability/ 37 comments netsec
- Vue.js applications with the dependency "node-ipc" are experiencing a critical supply chain vulnerability as a result of the nested dependencies node-ipc and peacenotwar being sabotaged as an act of protest (of the invasion of Ukraine) by the maintainer of the node-ipc package https://snyk.io/blog/peacenotwar-malicious-npm-node-ipc-package-vulnerability/ 5 comments programming
- npm package node-ipc was found to contain malicious code that wipes files on disk https://snyk.io/blog/peacenotwar-malicious-npm-node-ipc-package-vulnerability/ 54 comments node
- Vue.js developers impacted due to malicious security incident involving npm package node-ipc which alters files on their drives https://snyk.io/blog/peacenotwar-malicious-npm-node-ipc-package-vulnerability/ 57 comments javascript
Linking pages
- BIG sabotage: Famous npm package deletes files to protest Ukraine war https://www.bleepingcomputer.com/news/security/big-sabotage-famous-npm-package-deletes-files-to-protest-ukraine-war/ 624 comments
- Sabotage: Code added to popular NPM package wiped files in Russia and Belarus | Ars Technica https://arstechnica.com/information-technology/2022/03/sabotage-code-added-to-popular-npm-package-wiped-files-in-russia-and-belarus/ 176 comments
- “Protestware”: A Slippery Slope | codeshaunted https://codeshaunted.com/2022/03/23/protestware-a-slippery-slope.html 167 comments
- Is it worth using Open Source for political statements? https://www.brainfart.dev/blog/open-source-and-politics 31 comments
- A Developer Altered Open Source Software to Wipe Files in Russia | WIRED https://www.wired.com/story/developer-altered-open-source-software-to-wipe-files-in-russia/ 24 comments
- hozy.dev https://hozy.dev/posts/trusting-trust/ 23 comments
- GitHub - privatenumber/pkgroll: 📦 🍣 Next-gen package bundler for TypeScript & ESM https://github.com/privatenumber/pkgroll 9 comments
- Protestware - How node-ipc turned into malware | LunaTrace https://www.lunasec.io/docs/blog/node-ipc-protestware/ 6 comments
- CVE-2022-23812 | RIAEvangelist/node-ipc is malware / protest-ware · GitHub https://gist.github.com/MidSpike/f7ae3457420af78a54b38a31cc0c809c 5 comments
- NPM security: preventing supply chain attacks | Snyk https://snyk.io/blog/npm-security-preventing-supply-chain-attacks/ 3 comments
- This Week In React #99: Remix, Next.js, Redux, Memoization, Storybook, Ladle, Wix, Shopify, React-Native, CodeSandbox, Prettier, Deno... | Revue https://www.getrevue.co/profile/thisweekinreact/issues/this-week-in-react-99-remix-next-js-redux-memoization-storybook-ladle-wix-shopify-react-native-codesandbox-prettier-deno-1088057 1 comment
- tag-security/supply-chain-security/compromises at main · cncf/tag-security · GitHub https://github.com/cncf/sig-security/tree/master/supply-chain-security/compromises 0 comments
- GitHub - mbullington/goodpkg: ALPHA: Run npm/yarn in a macOS sandboxed container. Stop unprotected `npm install`! https://github.com/mbullington/goodpkg 0 comments
- tag-security/supply-chain-security/compromises at main · cncf/tag-security · GitHub https://github.com/cncf/tag-security/tree/main/supply-chain-security/compromises 0 comments
- GitHub - lirantal/awesome-nodejs-security: Awesome Node.js Security resources https://github.com/lirantal/awesome-nodejs-security 0 comments
Linked pages
- Why npm lockfiles can be a security blindspot for injecting malicious modules | Snyk https://snyk.io/blog/why-npm-lockfiles-can-be-a-security-blindspot-for-injecting-malicious-modules/ 160 comments
- GitHub - RIAEvangelist/peacenotwar https://github.com/RIAEvangelist/peacenotwar 23 comments
- GitHub · Where software is built https://github.com/RIAEvangelist/node-ipc/issues/233 8 comments
- Unity Hub Release Notes - Unity https://unity3d.com/hub/whats-new 2 comments
- 10 npm Security Best Practices | Snyk https://snyk.io/blog/ten-npm-security-best-practices/ 2 comments
- Open source maintainer pulls the plug on npm packages colors and faker, now what? | Snyk https://snyk.io/blog/open-source-npm-packages-colors-faker/ 0 comments
Would you like to stay up to date with Web Development? Checkout Web Development
Weekly.
Related searches:
Search whole site: site:snyk.io
Search title: Alert: peacenotwar module sabotages npm developers in the node-ipc package to protest the invasion of Ukraine | Snyk
See how to search.