npm Fiasco. Malware that Steals Bitcoin
npm flatmap-stream malware
2018-11-27 npm's fiasco. A malware that steals bitcoin, hidden in a package named flatmap-stream. It's used by Angular, Vue, Bootstrap. Basically all websites you visit use it. The npm malware has been downloaded 8 million times
From the few incidents i've seen over the years, i find the npm's leader, Isaac Z Schlueter to be a power hungry skum. And JavaScript coders tend to be milengen idiots that r pillar of the sj stuff in programing community. Also, in js land, 5 lines of code is a package. [see npm Disease]
You wonder, why in JavaScript land 5 lines is a package? I haven't looked in depth, but i think:
- JavaScript is really bad lang and no standard libraries.
- New gen of programers is a lot less capable, since ~2010.
- Npm leader Isaac Z Schlueter designed the rules to max npm popularity.
![npm repo bitcoin stealer 2018-11](i/npm_repo_bitcoin_stealer_2018-11.png)
![npm flatmap stream malware 2018-11-27](i/npm_flatmap_stream_malware_2018-11-27.png)
![npm flatmap-stream malware 2018-11-27 6f6b3](i/npm_flatmap-stream_malware_2018-11-27_6f6b3.png)
Python Lib Malware 2017-09
apparently, this happened to python recently
![firefox EoHpfeRNLg skZNF](i/firefox_EoHpfeRNLg_skZNF.png)
![python lib malware 2017-09](i/python_lib_malware_2017-09.png)