Exploiting Developer Infrastructure Is Ridiculously Easy

The open-source ecosystem is broken

Jarrod Overson

Photo: Charles Deluvio/Unsplash

In late October, an issue was opened on nodemon, an extremely popular Node.js tool, describing a deprecation warning that was being logged to the console.

Warnings like these aren’t uncommon. This one seemed harmless. It wasn’t even related to the nodemon project, but rather to one of…
