Sunday, 12 August, 2018 UTC


Recently, there was an issue with eslint-scope that gave the JavaScript community a good scare. I wrote about it one day after it happened os feel free to go and read the article here.
The gist was that some malicious third party was exfiltrating NPM auth tokens that it would probably later use to infect more packages in a ripple-like manner.
What's even funnier is that while I was listening to Ryan Dahl's 2018 JSConf presentation, I heard him complain about a similar hypothetical situation with ESLint, namely, that it could take over your computer, due to Node's non-restrictive model with filesystem and network access.
It's the first episode I've recorded in a while and I'd be happy if you would listen to it and give me some feedback. I'm going to publish a new episode each Tuesday so stay tuned.