CSOonline

Developer sabotages own npm module prompting open-source supply chain security questions

The node-ipc developer attempt to protest Russia's attack on Ukraine has the unintended consequence of casting more doubt in software supply chain integrity. The developer of a popular JavaScript ...
Dark Reading

Code-Sabotage Incident in Protest of Ukraine War Exposed Open Source Risks

The maintainer of a widely used open source module for Windows, Linux, and Mac environments recently sabotaged its functionality to protest the war in Ukraine and in the process focused attention once ...
Threat Post

Dev Sabotages Popular NPM Package to Protest Russian Invasion

In the latest software supply-chain attack, the code maintainer added malicious code to the hugely popular node-ipc library to replace files with a heart emoji and a peacenotwar module. The developer ...
IT News For Australia Business

'Protestware' npm package dependency labelled supply-chain attack

Russia's invasion of Ukraine has spilt over into developer-space, with a well-known npm maintainer adding "protestware" as a dependency to a very popular package. Security vendor Snyk is tracking what ...
InfoWorld

Node.js alert: Google engineer finds flaw in NPM scripts

Node.js developers, run NPM install at your own risk -- a self-replicating worm can easily spread through the ecosystem Never assume a file downloaded from the Internet is safe. That warning also ...