• Preston Maness ☭
    link
    fedilink
    12 years ago

    Between March 7 and March 8, versions 10.1.1 and 10.1.2 of the library were released. When imported as a dependency and run by a project, these checked if the host machine had an IP address in Russia or Belarus, and if so, overwrote every file it could with a heart symbol. Version 10.1.3 was released soon after without this destructive functionality; 10.1.1 and 10.1.2 were removed from the NPM registry.

    Version 11 was then published, and the following week version 9.2.2. Both brought in a new package by Miller called peacenotwar, which creates files called WITH-LOVE-FROM-AMERICA.txt in users’ desktop and OneDrive folders. This text file is supposed to contain a message from the developer stating among other things, “war is not the answer, no matter how bad it is,” though some folks reported the file was empty.

    This is your brain on liberalism.