Ax Sharma, writing for Bleeping Computer:
This month, the developer behind the popular npm package ‘node-ipc’ released sabotaged versions of the library in protest of the ongoing Russo-Ukrainian War. Newer versions of the ‘node-ipc’ package began deleting all data and overwriting all files on developers’ machines, in addition to creating new text files with “peace” messages. [...]
The way the Node community works, just blindly slurping in other people’s package updates without knowing what’s in them, continues to boggle my mind.