npm Fiasco. Malware that Steals Bitcoin

By Xah Lee. Date: . Last updated: .

2018-11-27 Npm's fiasco. A malware that steals bitcoin, hidden in a package named flatmap-stream. It's used by Angular, Vue, Bootstrap. Basically all websites you visit use it. The npm malware has been downloaded 8 million times

From the few incidents i've seen over the years, i find the npm's leader, Isaac Z Schlueter to be a power hungry skum. And JavaScript coders tend to be milen gen eedeots that r pillar of the sj stuff in programing community. Also, in js land, 5 lines of code is a package. [see npm Disease]

You wonder, why in JavaScript land 5 lines is a package? I haven't looked in depth, but i think:

npm repo bitcoin stealer 2018-11
[Node.js package tried to plunder Bitcoin wallets By Thomas Claburn. At https://www.theregister.co.uk/2018/11/26/npm_repo_bitcoin_stealer/ ]
npm flatmap stream malware 2018-11-27
npm flatmap stream malware 2018-11-27
npm flatmap-stream malware 2018-11-27 6f6b3
npm flatmap-stream malware 2018-11-27 6f6b3 [https://npm-stat.com/charts.html?package=flatmap-stream&from=2018-09-05&to=2018-11-27]

Python Lib Malware 2017-09

apparently, this happened to python recently

firefox EoHpfeRNLg skZNF
python lib malware 2017-09 [https://arstechnica.com/information-technology/2017/09/devs-unknowingly-use-malicious-modules-put-into-official-python-repository/]
python lib malware 2017-09
python lib malware 2017-09 [ https://www.bleepingcomputer.com/news/security/ten-malicious-libraries-found-on-pypi-python-package-index/ ]