Hacker News

Are there examples of these types of actions in other circles outside of the .NET ecosystem? I knew about the FluentAssertions ordeal, but the Moq thing was news to me. I guess I've just missed it all.


node-ipc is a recent example from the Node ecosystem. The author released an update with some code that made a request to a geolocation webservice to decide whether to wipe the local filesystem.


Yeesh. Found an article for anyone interested: https://snyk.io/blog/peacenotwar-malicious-npm-node-ipc-pack...

I like this comment from u/mailto_devnull (https://www.reddit.com/r/node/comments/tg451e/do_not_use_nod...):

  Where do I stand on the war? I stand with Ukraine.
  Where do I stand on software supply chain issues? I stand with not fucking around with the software supply chain.


Missed them too. Always was annoyed by FluentAssertions anyway; some contractor added it to a project that we took over, and I couldn't see the value add.



