![sabotage:-code-added-to-popular-npm-package-wiped-files-in-russia-and-belarus-[ars-technica]](https://i0.wp.com/upmytech.com/wp-content/uploads/2022/03/56009-sabotage-code-added-to-popular-npm-package-wiped-files-in-russia-and-belarus-ars-technica.jpeg?resize=760%2C380&ssl=1)
Sabotage: Code added to popular NPM package wiped files in Russia and Belarus [Ars Technica]
Enlarge (credit: Getty Images)
A developer has been caught adding malicious code to a popular open-source package that wiped files on computers located in Russia and Belarus as part of a protest that has enraged many users and raised concerns about the safety of free and open source software.
The application, node-ipc, adds remote interprocess communication and neural networking capabilities to other open source code libraries. As a dependency, node-ipc is automatically downloaded and incorporated into other libraries, including ones like Vue.js CLI, which has more than 1 million weekly downloads.
A deliberate and dangerous act
Two weeks ago, the node-ipc author pushed a new version of the library that sabotaged computers in Russia and Belarus, the countries invading Ukraine and providing support for the invasion, respectively. The new release added a function that checked the IP address of developers who used the node-ipc in their own projects. When an IP address geolocated to either Russia or Belarus, the new version wiped files from the machine and replaced them with a heart emoji.
Read 17 remaining paragraphs | Comments