This past week has been an interesting one in the world of open source software. By corrupting these two libraries, which collectively account for more than 20 million weekly downloads and thousands of dependent projects, the developer effectively broke the projects that depended on them.

In response to the corrupted libraries, Microsoft quickly suspended the developer's GitHub access and reverted the projects on npm. A GitHub spokesperson offered this statement on the actions: “GitHub is committed to ensuring the health and security of the npm registry. We removed the malicious packages and suspended the user account in accordance with npm’s acceptable use policy regarding malware, as outlined in our Open Source Terms.”
