Corrupted NPM libs - Faker and Colors - the dark side of Open Source

preview_player
Показать описание
In this video you will learn the background story, and what's more important, how to protect your applications from being injected with corrupted libraries!

#quadmeup #npm #opensource

0:00 Intro
0:16 What exactly happened to faker and colors NPM libs
2:23 Did the developer have a right to do it?
2:50 What MIT license says about that
4:12 How to protect your application
5:42 Outro

  1. PS After Hours
  2. open source
  3. npm
  4. faker js
  5. colors js
  6. corrupt library
Рекомендации по теме
Corrupted NPM libs 0:05:48

Corrupted NPM libs - Faker and Colors - the dark side of Open Source

How to protect 0:01:40

How to protect NPM from corrupted libraries?

JavaScript Dev Corrupts 0:10:41

JavaScript Dev Corrupts Popular NPM Library

The Bad Side 0:19:10

The Bad Side Of Open Source | The Faker.js Scandal

NEVER buy from 0:00:46

NEVER buy from the Dark Web.. #shorts

NPM Packages Hacked 0:08:02

NPM Packages Hacked - here's how to prevent it ⚡

The Truth About 0:04:10

The Truth About Faker.js Reupload(The Original)

🔴 LIVE: What 0:23:46

🔴 LIVE: What happened To Aaron Swartz | Why FakerJS Was Removed From NPM | Dark Side Of Open Source...

The Dark Side 0:00:48

The Dark Side of Game Development Why Open Source Wins

A$$holes versus Open 0:03:57

A$$holes versus Open Source software

Is Open Source 0:09:48

Is Open Source in Trouble ?

Open Source developers 0:03:45

Open Source developers do not work for free

RUST has TAKEN 0:04:19

RUST has TAKEN over LINUX 🐧 - Dev News

TR19: Fetch exploit 0:41:21

TR19: Fetch exploit - Attacks against source code downloaders

Dependency Injection, The 0:13:16

Dependency Injection, The Best Pattern

The dark side 0:43:50

The dark side of open source productivityBy Jamie Scott

Circles and rectangles 0:00:18

Circles and rectangles into animation.

Node.js Wroclaw #7 1:43:30

Node.js Wroclaw #7 'Why so hard?' by Oleksandr Tryshchenko

10 Millionen USD 0:07:44

10 Millionen USD 'Kopfgeld' auf Ransomware-Akteure? 😈 – US-Polizei-Leak, NPM Packages...

BREAKING: Firefox HTTP3, 0:30:12

BREAKING: Firefox HTTP3, Microsoft y2k22 bug, Apple, Google #peakbugs, Tesla, AI & more!

Feross: WebTorrent: How 0:48:40

Feross: WebTorrent: How I Built a BitTorrent Client in the Browser | JS.LA May 2014

Unearthing Malicious And 0:42:10

Unearthing Malicious And Risky OpenSource Packages Using Packj by Ashish Bijlani Devdutt Patnaik

Rootless, Reproducible, and 0:29:37

Rootless, Reproducible, and Hermetic: Secure Container Build Showdown - Andrew Martin, Control Plane

security.ac.nz 2019 - 0:36:33

security.ac.nz 2019 - John DiLeo - Security Considerations for Mobile Apps and APIs

Комментарии
Автор

I guess the industry will wring its hands together for a while ... then blame the developer... then carry on freeloading 🤦

threebadmicefpv
Автор

Thanks for the background and explanations.
I had only heard it on the floor in a hurrry and did not get behind it, except that someone had intentionally broken the latest version which causes a kind of confusion and how to protect the systems. But I had not time so I missed a lot I guess.

typxxilps
Автор

I think it's cool that he did this. I like this guy for it. Also, I haven't used these libraries so it did not affect me.

ChemistTea
Автор

open source software has got license and most license contains clause of "absolute no warranty" and "no liablity"

raviverma
Автор

It's a good idea to pin packages to specific versions for a multitude of reasons, but if you think most teams actually verify that a package doesn't have "unwanted side effects" you're kidding yourself. Just download and use, screw the consequences, is my experience working with different teams unfortunately.

johanrg
Автор

Legal: Probably. Ethical: No. If he expected compensation, he could have chosen another license. It's not fair to say something is free and then feel bad when someone uses it for free. He lost a lot of trust when doing what he did. As a developer, he needs people to trust him.

breakflight
Автор

Same for windows updates, just turn them off. ;)

Server
Автор

The deliberate actions of the maintainer should be criminally charged and prosecuted. The license terms are not protective cover for malicious behaviour.

xA