Dev Time Stories

The eslint-scope virus and Ryan Dahl's JSConf presentation

Information:

Synopsis

Recently, there was an issue with eslint-scope that gave the JavaScript community a good scare. I wrote about it one day after it happened, so feel free to go and read the article here: https://oprea.rocks/blog/fix-eslint-scope-backdoor. The gist was that some malicious third party was exfiltrating NPM auth tokens that it would probably later use to infect more packages in a ripple-like manner. What's even funnier is that while I was listening to Ryan Dahl's 2018 JSConf presentation, I heard him complain about a similar hypothetical situation with ESLint, namely, that it could take over your computer, due to Node's non-restrictive model with filesystem and network access. It's the first episode I've recorded in a while and I'd be happy if you would listen to it and give me some feedback. I'm going to publish a new episode each Tuesday, so stay tuned.