<p>I wrote a piece about the latest issue in the Node.js community, where (in case you haven&#39;t read about it yet) a hacker gain access (through social engineering) to the source code of a package and added an attack, potentially stealing crypto currency wallets.
You can read about it here: https://blog.logrocket.com/the-latest-npm-breach-or-is-it-a427617a4185</p>
<p>Now, this happened mainly due to the original maintainer not caring about it&#39;s creation anymore, but this is not the exception, but rather very common  in our industry. Would you say we need to change the way we handle Open Source projects in order to help those developers maintain interest in their projects?
I&#39;d love to know what others think about that.</p>


I wrote a piece about the latest issue in the Node.js community, where (in case you haven't read about it yet) a hacker gain access (through social engineering) to the source code of a package and added an attack, potentially stealing crypto currency wallets.
You can read about it here: https://blog.logrocket.com/the-latest-npm-breach-or-is-it-a427617a4185

Now, this happened mainly due to the original maintainer not caring about it's creation anymore, but this is not the exception, but rather very common  in our industry. Would you say we need to change the way we handle Open Source projects in order to help those developers maintain interest in their projects?
I'd love to know what others think about that.

Is our current Open Source model broken?

Product

Explore

Company

Blogs

Support