Hi, I'm Courtney! I'm a North American wife, mom and UX engineer.

I love video games where you farm stuff.*

All opinions are my own, and do not reflect the attitudes of the company I work for. They know better.

* No, not Farming Simulator, sorry.

© 2009 – 2023 Courtney Cloudman

Sabotage: Code added to popular NPM package wiped files in Russia and Belarus

https://arstechnica.com/information-technology/2022/03/sabotage-code-added-to-popular-npm-package-wiped-files-in-russia-and-belarus/

Third-party dependencies can be very cool, but they're also a great way to introduce unexpected vulnerabilities to your code. For whatever reason, NPM packages seem particularly susceptible to these problems.

Russia's aggression is catastrophic and unjustified, and the apparent intent of the code was to add a little more pressure to Russia & Belarus to withdraw from Ukraine, by disrupting systems in those countries using the library. Unfortunately, this was a rotten way to do it, because the consequences are unpredictable and often unintended, and could affect good people doing good work. Especially if this unverified allegation is true.