How is it possible that this code (line 9 of the index.js) isn't present in the source github repo, but can be seen in the beta feature of npmjs.com?
Also, the package 1.3.3 has been downloaded 0 times according to npmjs.com; how was the writer of this article able to detect this without incrementing the download counter?
The discrepancy comes from how npm packages are published. What you see on GitHub is whatever the maintainer pushed to the repo, but what actually gets published to the npm registry doesn’t have to match the GitHub source. A maintainer (or someone with access) can publish a tarball that includes additional or modified files, even if those changes never appear in the GitHub repo. That’s why the obfuscated code shows up when inspecting the package on npmjs.com.
As for the “0 downloads” count: npm’s stats are not real-time. There’s usually a delay before download numbers update, and in some cases the beta UI shows incomplete data. Our pipeline picked up the malicious version because npm install resolved to it based on semver rules, even before the download stats reflected it. Running the build locally reproduced the same issue, which is how we detected it without necessarily incrementing the public counter immediately.
> How is it possible that this code (line 9 of the index.js) isn't present in the source github repo, but can be seen in the beta feature of npmjs.com
You may also be interested in npm package provenance [1] which lets you sign your npm published builds to prove it is built directly from the source being displayed.
This is something ALL projects should strive to set up, especially if they have a lot of dependent projects.
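The two replies above make the same point from different sides: the registry tarball is whatever was uploaded, and provenance is how you prove it matches the source. The script below is an added example (not code from the thread, from npm, or from the article) of the manual check a defender can run today: hash every file in a published tarball and compare it with a checkout of the tagged source, reporting files that exist only in the tarball and files whose contents differ. The package name, version, file contents and the injected extra file are all constructed in a temporary directory so it runs offline; in real use you would point it at the `.tgz` written by `npm pack <pkg>@<version>` and a git checkout of the matching release tag.

```python
"""Compare a published npm tarball against a source checkout.

Added example, not the thread's or npm's own code. The fixture built by
build_fixture() is constructed: a fake source tree and a fake registry
tarball whose index.js carries one extra line and which ships one extra
file, mirroring the "line 9 of index.js" situation the question describes.
"""
import hashlib
import io
import os
import tarfile
import tempfile


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def tarball_file_hashes(tarball_path: str) -> dict:
    """Map each regular file in the tarball to the SHA-256 of its contents.
    npm wraps everything in a leading 'package/' directory, which is stripped."""
    hashes = {}
    with tarfile.open(tarball_path, "r:gz") as tar:
        for member in tar.getmembers():
            if not member.isfile():
                continue
            name = member.name.split("/", 1)[1] if "/" in member.name else member.name
            hashes[name] = sha256_bytes(tar.extractfile(member).read())
    return hashes


def source_file_hashes(source_dir: str) -> dict:
    """Map each file under the source checkout (relative path) to its SHA-256."""
    hashes = {}
    for root, _dirs, files in os.walk(source_dir):
        for fname in files:
            full = os.path.join(root, fname)
            rel = os.path.relpath(full, source_dir).replace(os.sep, "/")
            with open(full, "rb") as fh:
                hashes[rel] = sha256_bytes(fh.read())
    return hashes


def compare_tarball_to_source(tarball_path: str, source_dir: str) -> dict:
    """Report files only in the tarball and files whose contents differ.
    Files only in the source (tests, CI config) are expected, since
    .npmignore and the package.json "files" field strip them; they are
    listed separately so the reviewer can confirm nothing important is missing."""
    tar_hashes = tarball_file_hashes(tarball_path)
    src_hashes = source_file_hashes(source_dir)
    common = set(tar_hashes) & set(src_hashes)
    return {
        "only_in_tarball": sorted(set(tar_hashes) - set(src_hashes)),
        "modified": sorted(f for f in common if tar_hashes[f] != src_hashes[f]),
        "only_in_source": sorted(set(src_hashes) - set(tar_hashes)),
    }


def build_fixture(base: str):
    """Construct a fake source checkout and a fake published tarball.
    All names and contents here are made up for the example."""
    src = os.path.join(base, "source")
    os.makedirs(src)
    with open(os.path.join(src, "index.js"), "w") as fh:
        fh.write("module.exports = () => 'hello';\n")
    with open(os.path.join(src, "package.json"), "w") as fh:
        fh.write('{"name": "example-pkg", "version": "1.3.3"}\n')
    with open(os.path.join(src, "test.js"), "w") as fh:
        fh.write("// tests are not published\n")

    tarball = os.path.join(base, "example-pkg-1.3.3.tgz")
    published = {
        "package/package.json": '{"name": "example-pkg", "version": "1.3.3"}\n',
        # Same file as the source, plus one line that never reached GitHub.
        "package/index.js": "module.exports = () => 'hello';\nrequire('./extra-helper');\n",
        # A file that exists only in the uploaded tarball.
        "package/extra-helper.js": "// constructed placeholder for a tarball-only file\n",
    }
    with tarfile.open(tarball, "w:gz") as tar:
        for name, text in published.items():
            data = text.encode()
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return tarball, src


def demo() -> dict:
    """Build the constructed fixture and return the comparison report."""
    with tempfile.TemporaryDirectory() as tmp:
        tarball, src = build_fixture(tmp)
        return compare_tarball_to_source(tarball, src)


if __name__ == "__main__":
    for key, files in demo().items():
        print(f"{key}: {files}")
```

On the constructed fixture the report flags `extra-helper.js` as tarball-only and `index.js` as modified, while `test.js` shows up as source-only, which is the benign case. Any entry in the first two lists is exactly the discrepancy the question is about and deserves a look before the version is allowed into a build. For packages that publish provenance attestations, `npm audit signatures` performs the registry-side version of this check against what is in `node_modules`.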
It seems like a great tool, but it's painfully slow for me (from France) and I got some errors when trying things "Application error: a client-side exception has occurred (see the browser console for more information)."
>Wars of the future can be fought with machines and the country with the most resources will win.
These machines are built to do the most damage to the enemy and not just their machines. Once the robots are down, the winning party doesn't hold theirs back.
Guns and bombs can hit further than arrows so enemies keep fighting further from the front line, but the death toll keeps increasing.
>the country with the most resources will win.
With more and better machines, even more resources will be put into wars. More resources get wasted, more machines get destroyed and more people get to die.
Total war is a product of industrial revolutions. It changes the units on the scale of wars, from thousands of victims to dozens of millions. And these machines - however smart and accurate - always end up killing civilians en masse. Look at the sophistication of the Israeli weapon system, what happened to Gaza in the past few weeks, and tell me how technology saves lives in wars? It isn't even symmetric warfare!
I hope you get to watch this incredible visualization one day, if you haven't already: The Fallen of WWII – https://vimeo.com/128373915
Except the machines will only fight each other as a defensive countermeasure. The goal will be extracting a political surrender by the government as always, by which means terrorizing the populace and inflicting mass misery is the most effective means of pressuring the government. The army's purpose is to prevent that from happening, and as the armies disappear and it's just metal on metal, the civilians become the ultimate target of the machines and much sharper in focus for the war planners.
Also it becomes easier to do things like sneak a kill bot drone into a city and release it as the ultimate asymmetric warfare aka terrorism. Your terror attacks no longer scale with your ability to train and insert fighters willing to die.
The truth of the matter is we already have the technology at the DIY level to do this, and it’s just a matter of time before AI kill bots become the standard of war.
>The goal will be extracting a political surrender by the government . . . terrorizing the populace and inflicting mass misery is the most effective means of pressuring the government.
That didn't work on Germany or Japan in WWII. (Bombing had an effect, but the effect was mainly to degrade the enemy's ability to manufacture weapons, produce fuels and lubricants and move things around.)
OK, but if the nukes are what persuaded Tokyo to surrender, it did so after Tokyo lost almost all of its warships and stopped having enough fuel for its warplanes and started having so much difficulty importing things by sea or by air that there was no hope at all of their continuing to run an industrial economy and would be lucky to manage to continue to feed most of their population.
No, first the machines; then once one country runs out of resources and machines they will either surrender or more machines will start bombing them until they do. Yes, people will still die, but think of Japan and nukes. It will be much the same. You will realize, oh damn, drones can come in and basically kill all day long and we ran out of drones to defend against this. Guess we surrender or die. So yes, people still die, but first will be a resource war followed by a short-lived, hopeless defence. Technological superiority will allow one country to lose very little life as it will be fought from thousands of miles away.
It's an amazing idea! I'm always looking for screen-free activities related to problem solving with my daughter. By the way, if someone happens to have other examples, it would be great to share!
My four-year-old grandson and I enjoy playing with go stones on a go board. The black and white stones and board’s grid lines inspire a lot of counting and geometric-shape activities. Similar things could be done with other types of objects, of course, but I had the stones and board from when I used to play go forty years ago.
My daughter wants me to teach him how to play go at some point, but he’s not quite ready for that. He hasn’t yet learned the concept of winning or losing at games, and we don’t see any need to force that on him early. In the meantime, playing with and talking about the stones seems to have boosted his understanding of numbers.
I think the "Peanut Butter Sandwich Instructions" game could fit into this category as well. For kids who can't write, you can do the actions in real time. For kids who can, have them write down instructions first then "run" the program. Teach them to "debug" or test their program along the way.
Every year I teach a few weeks of "coding" at my kids' elementary school. I always start with the Peanut Butter Sandwich and it's a huge hit. For time's sake, I print & cut out 30-40 random instructions like "openTheBag();" or "holdJellyOverBread();". They get in 4 groups, choose which instructions to use, and put them in order.
I have a short collection of ideas here.[0] The biggest thing I've done is tell bedtime stories (often collaboratively) that incorporate topics like functions, negative numbers, and debugging. Here's one where we did FizzBuzz together. [1]
Sure, I'll give that subreddit a try. I did outreach to r/playmygame yesterday and received a bit of feedback. I haven't found Reddit to be as useful of a feedback tool lately, though. I used to market products to it incessantly, but in the past few years I've stopped feeling like I relate to the audience on there as much.