npm Fiasco. Malware that Steals Bitcoin

By Xah Lee. Date: .

2018-11-27 am so enjoying npm's fiasco. a malware that steals bitcoin, obfuscated in event-stream package https://www.theregister.co.uk/2018/11/26/npm_repo_bitcoin_stealer/

i hear it's used by Angular, Vue, Bootstrap. Which means, all websites you visit use it! npm, its leader, is a power hungry skum, and most js coder r milen gen ignoramus

npm's leader, from the few incidents i've seen over the years, is a power hungry skum. and js coders tend to be milen gen eedeots that r pillar of the sjstuff in programing community. also, in js land, 5 lines of code is a package.

npm flatmap-stream malware 2018-11-27 6f6b3
npm flatmap-stream malware 2018-11-27 6f6b3 [https://npm-stat.com/charts.html?package=flatmap-stream&from=2018-09-05&to=2018-11-27]

the npm malware has been downloaded 8 million times

you wonder, why in JavaScript land 5 lines is a package? i haven't looked in depth, but i think:

apparently, this happened to python recently

If you have a question, put $5 at patreon and message me.