
Comments (20)

RIAEvangelist avatar RIAEvangelist commented on September 9, 2024 10

I am sorry for that, there won't be any more protest ware like that. I will be moving the current stuff to the console log as the first update too.

from node-ipc.

surajpratap avatar surajpratap commented on September 9, 2024 4

I hope no more protestware will be added. Had to go through a lot of pain to remove node-ipc from a project earlier. I'll be looking forward to contributing.

from node-ipc.

frzsombor avatar frzsombor commented on September 9, 2024 3

Looks like this repo got completely wiped and reinitiated, with code that seems to be dated back before the protestware.
However please note that this could also mean any change in the commit history and code (but this needs verification).

The original (before wipe) latest versions without the "protestware" were:

  • For version v9: v9.2.1
  • For version v10/v11: v10.1.0

For historical purposes:
More info: https://snyk.io/blog/peacenotwar-malicious-npm-node-ipc-package-vulnerability/
The issue that started all: https://web.archive.org/web/20220317042712/https://github.com/RIAEvangelist/node-ipc/issues/233
Also a drop-in fork: achrinza/node-ipc#1

from node-ipc.

RIAEvangelist avatar RIAEvangelist commented on September 9, 2024 3

@miguelcagidefagin NPM's latest is 11.1.0. You want to pin 10.1.0 from NPM or point your dependency to this repo directly.

As @frzsombor so kindly wrote:

The original (before wipe) latest versions without the "protestware" were:

  • For version v9: v9.2.1
  • For version v10/v11: v10.1.0

I also recommend you run 'is-my-node-supply-chain-secure' to see how many vulnerable packages you have on your computer. It will scan all your packages system-wide and report which ones are the most likely to have supply chain vulnerabilities in them. It can take a long time depending on how big your system is, you will see each package pop up in the terminal when a vulnerability is found.

Remember to pin your deps at all times. npm-pin-dependencies might be helpful to use from time to time. Also, remember to use npm ci instead of npm i when possible. If you don't know what pinning is yet, read this article on pinning.

I am working with NPM to regain account access now so I can update the package to be optional.

from node-ipc.
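The version advice in the comments above, turned into a lockfile check. This is an added example, not code from the thread or from the node-ipc project: it walks the `packages` map of a package-lock.json and flags every installed copy of node-ipc, nested ones included, that is newer than the releases the commenters name (9.2.1 for v9, 10.1.0 for v10/v11). The sample lockfile and its package names are constructed, and "ok" only reflects what the thread states.

```javascript
// Last releases without the protestware, as listed in the thread.
const CEILING = { 9: [9, 2, 1], 10: [10, 1, 0], 11: [10, 1, 0] };

// Parse "major.minor.patch"; prerelease/build suffixes are ignored (assumption).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v || '');
  return m ? m.slice(1).map(Number) : null;
}

// True when version triple a is strictly newer than triple b.
function newerThan(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] > b[i];
  }
  return false;
}

// Returns one finding per installed copy of node-ipc, including nested copies
// pulled in by other dependencies. Scoped forks and look-alike names are skipped.
function auditLockfile(lock) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (!/(^|\/)node_modules\/node-ipc$/.test(path)) continue;
    const ver = parseVersion(entry.version);
    const ceiling = ver && CEILING[ver[0]];
    let status = 'unlisted'; // a major line the thread does not mention
    if (ceiling) status = newerThan(ver, ceiling) ? 'flag' : 'ok';
    findings.push({ path, version: entry.version, status });
  }
  return findings;
}

// Constructed sample lockfile (lockfileVersion 3 layout), not real project data.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/node-ipc': { version: '10.1.0' },
    'node_modules/some-cli/node_modules/node-ipc': { version: '11.1.0' },
    'node_modules/legacy-tool/node_modules/node-ipc': { version: '9.2.1' },
    'node_modules/node-ipc-helper': { version: '2.0.0' },
  },
};

const results = auditLockfile(sampleLock);
for (const r of results) console.log(r.status.padEnd(8), r.version, r.path);
```

A pinned direct dependency does not cover the nested copy here: the 11.1.0 entry arrives through another package, which is why the check reads the lockfile rather than package.json.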

RIAEvangelist avatar RIAEvangelist commented on September 9, 2024 1

from node-ipc.

ramazansancar avatar ramazansancar commented on September 9, 2024 1

By releasing v12.0 as the NPM version, it can be declared that there are no problems with 12 and later. This seems to be the fastest and most effective solution. The library called @latest will be released as the latest version, v12.0.

from node-ipc.

xahon avatar xahon commented on September 9, 2024 1

Don't use, malware could be injected anytime

from node-ipc.

RIAEvangelist avatar RIAEvangelist commented on September 9, 2024 1

@ramazansancar as it stands, currently people can choose to use the older version or the current version, all features are the same.

There is so much war happening in the world today, we could put this behind an option and allow engineers to decide for themselves where they stand.

Everything harkens back to what happened in World War 2. It is easy to forget what happened now that it has been so long.

The whole world has gone crazy for the past few years. I am open to PRs.

from node-ipc.

RIAEvangelist avatar RIAEvangelist commented on September 9, 2024

from node-ipc.

miguelcagidefagin avatar miguelcagidefagin commented on September 9, 2024

I still got the txt file with npm version a month ago.

from node-ipc.

tilkinsc avatar tilkinsc commented on September 9, 2024

Seems like the https://www.npmjs.com/package/node-ipc package is still pushing the version with the protestware. npm -v 10.4.0, node -v 21.6.1, btw.

from node-ipc.

RIAEvangelist avatar RIAEvangelist commented on September 9, 2024

v10.1.0 is the latest which does not make a request for peace.

If users find that offensive then just set it to that version as it is the latest before all this crap happened.

Latest also has some other updates to it too, however, none are critical that I am aware of. When the war is over the module will no longer make a call for peace.

from node-ipc.

RIAEvangelist avatar RIAEvangelist commented on September 9, 2024

The description is above already as well.

from node-ipc.

jdeg avatar jdeg commented on September 9, 2024

@RIAEvangelist I'm using version 10.1.0 but it keeps showing the ♥ symbol in the console. Is that also part of the protestware? Is there a way to remove it?

from node-ipc.

ramazansancar avatar ramazansancar commented on September 9, 2024

It might make sense to publish a new version here to solve the 'protestware' and 'peacenotwar' problems. @RIAEvangelist

https://www.npmjs.com/package/node-ipc

Hello from Turkey 🙌

from node-ipc.

RIAEvangelist avatar RIAEvangelist commented on September 9, 2024

I am open to suggestions as to the best way to resolve this. Perhaps a flag of some kind?

from node-ipc.

ramazansancar avatar ramazansancar commented on September 9, 2024

By releasing v12.0 as the NPM version, it can be declared that there are no problems with 12 and later. This seems to be the fastest and most effective solution. The library called @latest will be released as the latest version, v12.0.

Hasn't a solution been implemented for this place yet? @RIAEvangelist

from node-ipc.

RIAEvangelist avatar RIAEvangelist commented on September 9, 2024

@ramazansancar just pushed the changes to GH. The war is now bidirectional and they will figure things out their way. People of the world should pray for peace and no more forced or carried on bloodshed.

One day, this all will change, treat people the same
Stop with the violence, down with the hate
One day, we'll all be free and proud to be
Under the same sun, singin' songs of freedom

I understand why this is happening, I just don't agree with continued bloodshed, fighting, hate and destruction. It is sad. Hopefully ML and AI can help with this in more than one way, and bring about an era of prosperity and peace without war where people can be free to understand themselves and this place in freedom and joy.

v12.0.0 will be released as suggested. I'm going to push another as this issue and your suggestion qualify you to be a contributor now because you had a direct impact and positive suggestion without hate.

Thank you.

from node-ipc.
