zlacker

1. BlahBo+(OP) 2018-11-27 14:24:36
It's possible that they're referring to this crypto-currency backdoor that was slipped into the event-stream dependency?

https://github.com/dominictarr/event-stream/issues/116

Edit: it attempts to steal crypto-currency; it doesn't mine it.

2. bartre+oF7 2018-11-30 19:38:26
>>BlahBo+(OP)
Thanks!
3. bartre+SF7 2018-11-30 19:41:33
>>BlahBo+(OP)
Also, er, bloody hell. These comments are completely out of hand. Examples:

"You put at risk millions of people, and making something for free, but public, means you are responsible for the package."

"There is a huge difference between not maintaining a repo/package, vs giving it away to a hacker (which actually takes more effort than doing nothing), then denying all responsibility to fix it when it affects millions of innocent people."

Where do these people get off?
