I think I found something in the article about the detailed inspection of pull requests on an open source project. Obfuscated, hard-to-detect code can be hidden in them. Code with malicious intent!
Maybe I didn't read the article properly.
I’ve now made several hundred PRs (various user accounts, no, none of them as “David Gilbertson”) to various frontend packages and their dependencies. “Hey, I’ve fixed issue x and also added some logging.”
Look ma, I’m contributing to open source!
There are a lot of sensible people out there that tell me they don’t want a new dependency, but that was to be expected, it’s a numbers game.
Overall, the campaign has been a big success and my colourful console code is now directly depended on by 23 packages. One of those packages is itself depended upon by a pretty widely used package — my cash cow. I won’t mention any names, but you could say it’s left-padding the coffers.
And this is just one package. I have 6 more on the boil.
I’m now getting about 120,000 downloads a month, and I’m proud to announce, my nasty code is executing daily on a handful of Alexa-top-1000 sites, sending me torrents of usernames, passwords and credit card details.
Maybe I'm a bit paranoid!