Adam and Jerod talk with Dominic Tarr, creator of event-stream, the IO library that made recent news as the latest malicious package in the npm registry. event-stream was turned malware, designed to target a very specific development environment and harvest account details and private keys from Bitcoin accounts. They talk through Dominic’s backstory as a prolific contributor to open source, his stance on this package, his work in open source, the sequence of events around the hack, how we can and should handle maintainer-ship of open source infrastructure over the full life-cycle of the code’s usefulness, and what some best practices are for moving forward from this kind of attack.
More like this (3)
Kent C. Dodds joined the show to talk about guiding and supporting first time contributors to...
The Changelog #257: The Power of Wikis, the Problem with Social Networks, the Promise of A.I. with Evan Prodromou
Evan Prodromou has been involved in open source since the mid ‘90s. His open source travel...
The Changelog #259: ANTHOLOGY — The Future of Open Source at OSCON 2017 with Kelsey Hightower, Safia Abdalla, Nadia Eghbal & Mike McQuaid
This is an anthology episode from OSCON 2017 featuring awesome conversations with Kelsey Hightower (OSCON Co-Chair...