Comment by bartread
7 years ago
> recent nodejs security issue.
Uh-oh. I hadn't been aware of this. Do you have a link, please? (Quick google didn't help much.)
7 years ago
It's possible that they're referring to this crypto-currency backdoor that was slipped into the event-stream dependency?
https://github.com/dominictarr/event-stream/issues/116
Edit: it attempts to steal crypto-currency; it doesn't mine it.
Also, er, bloody hell. These comments are completely out of hand. Examples:
"You put at risk millions of people, and making something for free, but public, means you are responsible for the package."
"There is a huge difference between not maintaining a repo/package, vs giving it away to a hacker (which actually takes more effort than doing nothing), then denying all responsibility to fix it when it affects millions of innocent people."
Where do these people get off?
Thanks!