Safeguard
Tag

protestware

Safeguard articles tagged "protestware" — guides, analysis, and best practices for software supply chain and application security.

10 articles

Supply Chain Attacks

Protestware: what colors.js and faker.js taught the industry about maintainer risk

One unpaid maintainer sabotaged two packages with 20M+ weekly downloads in a single week. Here's what colors.js and faker.js reveal about single-maintainer risk.

Jul 16, 20265 min read
Open Source Security

The node-ipc protestware incident, four years later: a checklist for maintainer-inserted risk

In March 2022 a legitimate node-ipc maintainer shipped code that wiped files based on IP geolocation. CVE-2022-23812 still has no patch for the real problem.

Jul 8, 20266 min read
Open Source Security

Protestware via prompt injection: when maintainers target AI agents

jqwik 1.10.0 shipped a hidden instruction telling AI coding agents to delete their own tests, then erased it from the terminal with ANSI codes — protestware built for agents, not humans.

Jul 7, 20267 min read
Software Supply Chain Security

colors.js and faker.js protestware sabotage

In 2022, maintainer Marak Squires turned colors.js and faker.js into protestware, breaking 19,000+ npm projects and coining a new supply chain threat term.

Jul 5, 20266 min read
Software Supply Chain Security

node-ipc protestware targeting Russia/Belarus IPs

In March 2022, node-ipc's maintainer shipped code wiping files on Russian and Belarusian machines. Here's what happened, how it spread, and how to catch it next time.

Jul 4, 20266 min read
Threat Research

What Is Protestware? When Maintainers Weaponize Their Own Packages

Protestware is open-source code a maintainer deliberately alters to make a political or personal statement, sometimes sabotaging users. Here is how it works and how to defend.

Jul 2, 20266 min read
Supply Chain Attacks

npm Protestware Patterns From 2020 to 2026

A senior engineer's view of six years of npm protestware, from colors.js to peacenotwar, and the supply chain lessons that still apply to modern JavaScript shops.

Mar 3, 20267 min read
Vulnerability Analysis

node-ipc 'Protestware' Sabotage Code Shipped to Millions ...

How a rogue node-ipc update turned a trusted npm dependency into disk-wiping protestware, and what CVE-2022-23812 means for your supply chain.

Dec 1, 20258 min read
Open Source Security

Protestware and Sabotage: When Maintainers Turn Against T...

Protestware turns trusted maintainers into insider threats. See how node-ipc, colors.js, and left-pad became sabotage vectors, and how Safeguard catches the next one.

Aug 1, 20257 min read
Supply Chain Attacks

node-ipc Protestware: When a Maintainer Weaponized the Supply Chain

The node-ipc package was deliberately sabotaged by its maintainer to protest the Russia-Ukraine conflict, wiping files on systems with Russian or Belarusian IP addresses. A watershed moment for supply chain trust.

Jan 8, 20225 min read
protestware — Safeguard Blog