Home > database >  Why access to node-ipc has been blocked?
Why access to node-ipc has been blocked?

Time:03-19

While building a new pipeline on Azure DevOPS, I got issue about access blockage to node-ipc.

CodePudding user response:

Newer versions have a security issue stated here. The issue is fix by adding following override in the package.json.

"overrides": { "node-ipc@>9.2.1 <10": "9.2.1", "node-ipc@>10.1.0": "10.1.0" },

CodePudding user response:

Maybe try something else. Basically the dev went full bonkers and he included obfuscated malware to destroy all files with a "peace and love" message consisting of single heart unicode symbol. I know how that sounds, and yeah it deserves moron of the century award by itself. But it gets better.

He intended this "love message" for russians and belarussians only, using some geoip service to profile his victims. Considering how erratic geolocation by ip is, everyone was sitting on a ticking bomb.

Then when the community figured it out, he started to pretend that this code never existed. Then when users shown him his own obfuscated file (:D) he insisted that there was malware indeed... but he made it so "it wasn't working". When i'm writting software i'm also taking care that it won't work before deploying it so it made perfect sense...

Untill someone de-obfuscated the malware file and a guy from some NGO which monitored war crimes claimed their reports got erased with "peace message" of that idiot. So at the end our "hero" told him that it was their fault as they didn't kept backups and they may be prosecuted according to some US law, because they haven't protected their data enough. So suddenly the malware was no longer "not working" and some victims of it should be even put in jail! :D

So be careful because this package could attempt to destroy all your data in the name of love, if mass media are not currently "enthusiastic" about your race, gender or nationality. Then the maintainer will put you in jail. At least the jailing will be done only in the land of peace loving unicorns (aka his head), however the data loss could happen in real world we all live in, so that could be a problem.

Page link:https//www.codepudding.com/database/340820.html

Prev:Jest mock module functions used in another module
Next:Convert entities when parsing XML to JSON using xml2js?
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding