Newly discovered open source software packages on the npm platform contain scripts that broadcast peace messages related to ongoing conflicts in Ukraine and on the Gaza Strip when they are deployed, according to research conducted by ReversingLabs. 

The packages are just the latest examples of so-called “protestware,” a recurrent issue in the open source software ecosystem in which application developers conceal political messages inside open source code, often designing it to display to the user after an application is installed or when it is executed.

Although the latest packages are not malicious, they underscore a persistent risk in open source software, in which unintended and malicious features can lurk undetected — even in widely used applications.

The post Protestware taps npm to call out wars in Ukraine, Gaza appeared first on Security Boulevard.

Paul Roberts

Source: Security Boulevard
Source Link: https://securityboulevard.com/2023/11/protestware-taps-npm-to-call-out-wars-in-ukraine-gaza/