abcdefg
3 months ago  Karma: 97
What should I check before using an open source repository?

I love open source! I am an open source contributor, but this kind of "hack" will kill open source.

In a nutshell, the hack goes as follows:
1. Create a useful open source package.
2. Market the package so that the target starts using the package inside their application.
3. Wait for the target to get a big enough audience.
4. Update the open source package to contain some sort of malware to steal data or money from the target's audience.
5. Milk the audience or the target for more money.

This is much more common than you think. At BlockX Labs, we strongly prefer to use packages supported by at least one full-time contributor.

I'm compiling a list of ways this can be avoided. Like or Show Reaction (curious) or share if you want to find out the results. Comment if you have any suggestions or questions. I'll aim to tag you in the comments to give you due credit.

Let's build an awesome open source community together.

Reason for asking this question:
https://blog.npmjs.org/post/185397814280/plot-to-steal-cryptocurrency-foiled-by-the-npm

zombiebattleground
Opensource
Opensource Governance
DAPP development
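The question above asks what to check before depending on a package, and step 4 of the described attack is a previously benign package suddenly shipping malicious code in an update. The script below is an added example, not code from the post's author or from BlockX Labs, showing the kind of automated pre-dependency check a consumer can run against a package's npm registry metadata (the "packument" returned by the registry, with its `versions`, `time`, `dist-tags` and per-version `_npmUser` fields). It flags four red flags for the version you are about to install: install-time lifecycle scripts, a publisher who never published an earlier version, dependencies newly added in that release, and a release too fresh for anyone to have looked at it. The package `example-notify`, its maintainers, dependency names and timestamps are all constructed for this example and are not real registry data.

```javascript
'use strict';
// Added example: audit one version in an npm packument for supply-chain red flags.
// The packument shape follows the public npm registry format; the sample document
// at the bottom is constructed for this example (hypothetical package and users).

const DAY_MS = 24 * 60 * 60 * 1000;
// Lifecycle scripts npm runs automatically during `npm install` of a dependency.
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall', 'prepare'];

// Order version strings by their publish timestamp from the `time` map, so the
// example needs no semver library and still knows which release came before which.
function versionsByPublishTime(pkg) {
  return Object.keys(pkg.versions).sort(
    (a, b) => Date.parse(pkg.time[a]) - Date.parse(pkg.time[b]));
}

// Return a list of human-readable findings for `version`; an empty list means
// none of the four checks fired. `now` is injectable so results are deterministic.
function auditVersion(pkg, version, now = Date.now(), minAgeDays = 14) {
  const manifest = pkg.versions[version];
  if (!manifest) throw new Error(`${pkg.name}@${version} not in packument`);
  const findings = [];
  const ordered = versionsByPublishTime(pkg);
  const idx = ordered.indexOf(version);
  const previous = idx > 0 ? pkg.versions[ordered[idx - 1]] : null;

  // 1. Install hooks execute arbitrary code on every consumer's machine at install time.
  const hooks = INSTALL_HOOKS.filter(h => manifest.scripts && manifest.scripts[h]);
  if (hooks.length) findings.push(`runs install hooks: ${hooks.join(', ')}`);

  // 2. The publisher of this version has never published an earlier version:
  //    a takeover or a newly added maintainer is exactly how step 4 of the attack lands.
  const publisher = manifest._npmUser && manifest._npmUser.name;
  const earlierPublishers = new Set(ordered.slice(0, idx)
    .map(v => pkg.versions[v]._npmUser && pkg.versions[v]._npmUser.name));
  if (publisher && idx > 0 && !earlierPublishers.has(publisher)) {
    findings.push(`published by new maintainer "${publisher}"`);
  }

  // 3. Dependencies that did not exist in the previous release widen the attack surface
  //    and are a common way to pull malicious code in indirectly.
  if (previous) {
    const before = previous.dependencies || {};
    const added = Object.keys(manifest.dependencies || {}).filter(d => !(d in before));
    if (added.length) findings.push(`adds dependencies: ${added.join(', ')}`);
  }

  // 4. A release only hours or days old has had no time for the community to notice a problem.
  const ageDays = (now - Date.parse(pkg.time[version])) / DAY_MS;
  if (ageDays < minAgeDays) {
    findings.push(`published ${ageDays.toFixed(1)} days ago (< ${minAgeDays})`);
  }
  return findings;
}

// Constructed sample packument: two quiet releases by the original author, then a
// release by someone new that adds a dependency and a postinstall script.
const SAMPLE_PACKUMENT = {
  name: 'example-notify', // hypothetical package name
  'dist-tags': { latest: '1.2.0' },
  time: {
    '1.0.0': '2019-01-05T10:00:00.000Z',
    '1.1.0': '2019-02-10T10:00:00.000Z',
    '1.2.0': '2019-06-01T09:30:00.000Z',
  },
  versions: {
    '1.0.0': { _npmUser: { name: 'original-author' }, dependencies: {}, scripts: { test: 'mocha' } },
    '1.1.0': { _npmUser: { name: 'original-author' }, dependencies: {}, scripts: { test: 'mocha' } },
    '1.2.0': {
      _npmUser: { name: 'new-contributor' },
      dependencies: { 'some-helper': '^0.1.0' },
      scripts: { test: 'mocha', postinstall: 'node ./scripts/setup.js' },
    },
  },
};

// Audit whatever `latest` points at, as a consumer running `npm install example-notify` would get.
function auditLatest(pkg = SAMPLE_PACKUMENT, now = Date.parse('2019-06-03T00:00:00.000Z')) {
  return auditVersion(pkg, pkg['dist-tags'].latest, now);
}

for (const finding of auditLatest()) {
  console.log(`[!] ${SAMPLE_PACKUMENT.name}@${SAMPLE_PACKUMENT['dist-tags'].latest}: ${finding}`);
}
```

Against a real package you would fetch the packument from the registry and pass the version your lockfile pins rather than `latest`. None of the four findings proves malice on its own; the point is that each one is cheap to compute and worth a human look before the update reaches production, which is the window the attack described above relies on nobody using.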