Malicious backdoored NPM package masqueraded as Twilio library for three days until it was turfed out

GitHub's NPM on Monday removed a JavaScript library called twilio-npm because it contained malicious code, which has become something of a recurring theme for the open-source JavaScript code registry. The offending library, designed to backdoor a victim's device and allow remote code execution, was spotted by Sonatype, the …
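The package in the article traded on the name of a legitimate library and ran attacker-controlled code on whoever installed it. As an added example (not code from the article, from Sonatype or from the npm project), the script below walks a list of package.json manifests and flags the two warning signs a practitioner would triage first: a package name that is a near-miss of a well-known one (name confusion, as with twilio-npm versus twilio) and an install-time lifecycle script, which npm runs on `npm install` before any of the package's modules are ever imported. The allowlist of well-known names, the affix list and the sample manifests are constructed for illustration; the page does not say how twilio-npm delivered its payload, so the lifecycle-script check is an assumption about a common mechanism, not a description of this package.

```javascript
// Added example: audit a dependency tree for impostor-package warning signs.
// Assumptions (not from the article): the allowlist below, the affix list,
// and the constructed sample manifests at the bottom.

const KNOWN_PACKAGES = ["twilio", "express", "lodash", "react", "axios"]; // assumed allowlist
const LIFECYCLE_HOOKS = ["preinstall", "install", "postinstall", "prepare"]; // run on npm install
// Affixes squatters bolt onto a real name ("twilio-npm", "node-twilio", "reactjs").
const AFFIXES = [/^npm-/, /-npm$/, /^node-/, /-node$/, /-js$/, /\.js$/, /js$/];

// Classic edit distance; used to catch one-character typos such as "expres".
function levenshtein(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Drop an npm scope ("@scope/name" -> "name") and lower-case for comparison.
function baseName(name) {
  return name.replace(/^@[^/]+\//, "").toLowerCase();
}

// Strip the first matching affix, if any; return the name unchanged otherwise.
function stripAffixes(base) {
  for (const re of AFFIXES) {
    const stripped = base.replace(re, "");
    if (stripped !== base && stripped.length > 0) return stripped;
  }
  return base;
}

// Return the well-known package a name resembles, or null if it is either
// exactly a known package or not close to any of them.
function nameConfusion(name) {
  const base = baseName(name);
  for (const known of KNOWN_PACKAGES) {
    if (base === known) return null;          // the real thing (or a scoped copy of it)
    if (stripAffixes(base) === known) return known; // "twilio-npm", "node-twilio", "reactjs"
    if (levenshtein(base, known) <= 1) return known; // "expres", "lodsh"
  }
  return null;
}

// Findings for one package.json object.
function auditPackage(pkg) {
  const findings = [];
  const lookalike = nameConfusion(pkg.name);
  if (lookalike) {
    findings.push(`name "${pkg.name}" resembles well-known package "${lookalike}"`);
  }
  const scripts = pkg.scripts || {};
  for (const hook of LIFECYCLE_HOOKS) {
    if (typeof scripts[hook] === "string") {
      findings.push(`install-time script "${hook}": ${scripts[hook]}`);
    }
  }
  return findings;
}

// Audit a whole tree (array of package.json objects); keep only packages with findings.
function auditTree(packages) {
  return packages
    .map((pkg) => ({ name: pkg.name, findings: auditPackage(pkg) }))
    .filter((r) => r.findings.length > 0);
}

// Constructed sample input: one genuine package, one impostor with an install
// hook, one typo. None of these manifests are taken from the real registry.
const SAMPLE_TREE = [
  { name: "twilio", version: "3.0.0", scripts: { test: "mocha" } },
  { name: "twilio-npm", version: "1.0.0", scripts: { postinstall: "node setup.js" } },
  { name: "expres", version: "1.0.0" },
];

console.log(JSON.stringify(auditTree(SAMPLE_TREE), null, 2));
```

Treat the output as a triage list, not a verdict: plenty of legitimate packages ship a postinstall step (native builds, for instance), and an affix rule will occasionally catch a real companion package. The point is that both signals are visible in metadata before any code runs, so a CI job can block or hold a new dependency for review; in the meantime `npm install --ignore-scripts` stops lifecycle hooks from executing at all, which is the cheapest mitigation for exactly this class of package.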

  1. Peter Prof Fox

    I'm impressed

    Isn't this how the internet is supposed to work? (Says an old fogey.) Issue --> Fix it. Anyone who expects the fire brigade to be on the scene before the fire breaks out is expecting too much.

    1. sabroni Silver badge

      Re: Isn't this how the internet is supposed to work?

      The problem is that the systems that detect malicious code don't scale in line with contributions.

    2. Doctor Syntax Silver badge

      Re: I'm impressed

      We do, however, expect reception not to let people carrying cans of petrol and matches get into the building.

  2. Anonymous Coward

    We're doomed

    In 10 years time, these same cut-n-paste coders will be writing code for traffic lights, power stations, medical equipment....

  3. Anonymous Coward

    That stable door is long open

    I have seen some very dubious source code in critical equipment. Companies have been outsourcing to sweatshops for decades.
