Are people forgetting what open source is? About latest Nodejs package hack


Context: A widely used npm package was discovered to have a dependency with an encrypted payload in it, which tries to steal bitcoins. [1]

I was reading through the GitHub issue exposing the attack, and some people had some less than nice things to say about the dev who handed over the project (event-stream) to another dev who put the payload in.

You put at risk millions of people, and making something for free, but public, means you are responsible for the package.

If you read through the thread, there are more salty people.

My problem: Are people forgetting what code is? Most of the time it comes with the warning:

THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY…

There is a responsibility for the dev to make sure they vet what is being put into it, but also a larger responsibility for large companies to vet dependencies themselves, such as this package, event-stream.

Bonus: the commit which added the bad dependency, flatmap-stream.

Edit: typos

submitted by /u/1fabunicorn