zlacker

1. bartre+(OP) 2018-11-27 13:25:58
> recent nodejs security issue.

Uh-oh. I hadn't been aware of this. Do you have a link, please? (Quick google didn't help much.)

replies(1): >>BlahBo+q6
2. BlahBo+q6 2018-11-27 14:24:36
>>bartre+(OP)
It's possible that they're referring to this crypto-currency backdoor that was slipped into the event-stream dependency?

https://github.com/dominictarr/event-stream/issues/116

Edit: it attempts to steal crypto-currency; it doesn't mine it.

replies(2): >>bartre+OL7 >>bartre+iM7
3. bartre+OL7 2018-11-30 19:38:26
>>BlahBo+q6
Thanks!
4. bartre+iM7 2018-11-30 19:41:33
>>BlahBo+q6
Also, er, bloody hell. These comments are completely out of hand. Examples:

"You put at risk millions of people, and making something for free, but public, means you are responsible for the package."

"There is a huge difference between not maintaining a repo/package, vs giving it away to a hacker (which actually takes more effort than doing nothing), then denying all responsibility to fix it when it affects millions of innocent people."

Where do these people get off?
