I’ve lost a blog post / Twitter thread, it was excellent and I cannot for the life of me find it.
It was someone who installed every Python package (might not have been Python) and ended up getting completely pwned by malicious packages, found anime porn on their computer, all sorts.
Help? 🙏
Comments
but there's also some other vibes/description based search engine I just can't remember it at the moment
https://jordan-wright.com/blog/post/2020-11-12-hunting-for-malicious-packages-on-pypi/
perplexity search: https://www.perplexity.ai/search/ive-lost-a-blog-post-twitter-t-GS1RxKL2TCqZhAb6o7QPGQ
https://www.bleepingcomputer.com/news/security/everything-blocks-devs-from-removing-their-own-npm-packages/
https://bsky.app/profile/samwho.dev/post/3lekblh2mlc2f
https://moyix.blogspot.com/2022/09/someones-been-messing-with-my-subnormals.html?m=1
@sassnow.ski you will enjoy reading this.
"everything" was in 2024 https://www.sonatype.com/blog/everything-matters-why-the-npm-package-sparked-controversy
"no-one-left-behind" in 2023 https://www.scworld.com/news/npm-registry-prank-leaves-developers-unable-to-unpublish-packages
But I remember it as far back as 2021, but cannot find a reference to that event.