Economy

Sabotage: Code added to popular NPM package wiped files in Russia and Belarus

Enlarge (credit: Getty Images)

The developer of a popular open source package has been caught adding malicious code to it, leading to wiped files on computers located in Russia and Belarus. The move was part of a protest that has enraged many users and raised concerns about the safety of free and open source software.

The application, node.ipc, adds remote interprocess communication and neural networking capabilities to other open source code libraries. As a dependency, node.ipc is automatically downloaded and incorporated into other libraries, including ones like Vue.js CLI, which has more than 1 million weekly downloads.

A deliberate and dangerous act

Two weeks ago, the node.ipc author pushed a new version of the library that sabotaged computers in Russia and Belarus, the countries invading Ukraine and providing support for the invasion, respectively. The new release added a function that checked the IP address of developers who used the node.ipc in their own projects. When an IP address geolocated to either Russia or Belarus, the new version wiped files from the machine and replaced them with a heart emoji.

Read 18 remaining paragraphs | Comments

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button
Close
Close