Re: Javascript
Re DLL-hell RPM-hell
Somehow over the years, these were magically fixed
The question remains, what happened in this case in the npm repository?
Also, what do other open-source Git-controlled projects do to avoid similar problems
The only obvious process error is that the original developer handed the package to the malware developer
In other free software projects, the normal way a stranger takes control of an abandoned package is to fork a copy in his own repository. I sympathise with the original developer wanting to abandon his package, but he should have either deleted it (with consequences for dependent apps) or just stopped updating it
Your point about testing is valid, to a point
In this specific case, is it reasonable for a developer to anticipate the introduction of malware which leaks confidential keys to a thief, and test for it? Until the theft actually occurs, the app works perfectly in a normal testing scenario
Do any other Bitcoin wallet apps test for leakage of secret keys?