Protestware is open-source software that a legitimate maintainer intentionally modifies to deliver a political, ideological, or personal message, ranging from a harmless banner to destructive sabotage of the people who install it. What makes protestware distinct from ordinary malware is trust: the code does not come from a hijacked account or a typosquatted lookalike, it comes from the real maintainer of a package you already depend on and have every reason to trust. That trust is precisely the weakness it exploits. Because the change ships through the normal release channel, signed and published by the genuine author, provenance checks and account-security controls do not flag it. Protestware sits at an uncomfortable intersection of free expression, maintainer burnout, and supply-chain risk, and for the teams downstream the effect is the same as any other malicious update: unexpected, unreviewed code executing in their builds and applications.
How protestware works
Protestware spans a spectrum from benign to destructive. At the mild end, a maintainer adds a console message, a dependency that prints an anti-war statement, or a splash of unexpected output. At the severe end, the code checks the host's characteristics and actively damages systems that match a target profile, most often based on geographic or language signals derived from the machine's locale or IP geolocation.
The dangerous variant follows a recognizable shape: determine where the machine is, then act destructively if it matches. Conceptually, the logic looks like a geolocation check gating a payload:
const https = require("https");
https.get("https://api.example/geoip", (res) => {
let data = "";
res.on("data", (c) => (data += c));
res.on("end", () => {
const country = JSON.parse(data).country;
if (country === "RU" || country === "BY") {
destroyFiles(); // overwrite or delete user data
}
});
});
Because this ships in a normal semantic-version bump, any project with a loose version range pulls it automatically. The blast radius is amplified by transitive dependencies: a developer who has never heard of the protestware package can still be hit because it sits several layers down in the tree of something they do depend on.
Real-world protestware incidents
The defining case is node-ipc in March 2022. Its maintainer, Brandon Nozaki Miller (RIAEvangelist), published updates in the 10.1.x line, tracked as CVE-2022-23812, that used geolocation to identify machines in Russia and Belarus and then overwrote files on those systems with a heart emoji. He also authored a companion module, peacenotwar, added as a dependency, which wrote a WITH-LOVE-FROM-AMERICA.txt file with an anti-war message to users' desktops. With over a million weekly downloads and a place deep in the dependency trees of frameworks like Vue.js, node-ipc turned a maintainer's protest into a self-inflicted supply-chain incident for thousands of unrelated projects.
Two months earlier, in January 2022, the maintainer of the enormously popular colors.js and faker.js libraries, Marak Squires, deliberately sabotaged them. He pushed an update that introduced an infinite loop printing garbage text ("LIBERTY LIBERTY LIBERTY" followed by non-ASCII characters), breaking every application that auto-upgraded. This was not geopolitical; it was a protest against large corporations profiting from unpaid open-source labor. The effect was a widespread denial of service across the JavaScript ecosystem, and it crystallized the industry's anxiety about the fragility of critical infrastructure maintained by a single unpaid volunteer.
How to detect and defend against protestware
Protestware defeats the controls aimed at account takeover and typosquatting, so defense has to shift to change discipline and behavioral review:
- Pin exact versions and control upgrades. The single most effective control is refusing to auto-upgrade. With exact version pinning and lockfiles, a protestware release cannot enter your build until a human chooses to bump the version.
- Introduce an update-delay window. Do not adopt brand-new releases immediately. A cooling-off period of a few days lets the community discover and report protestware before it reaches your pipeline; both the
node-ipcandcolors.jspayloads were flagged publicly within hours. - Diff releases behaviorally. Review what changed between versions, especially new geolocation lookups, filesystem writes, network calls, or added dependencies that have nothing to do with the package's stated purpose.
- Watch maintainer sentiment signals. Public burnout, funding disputes, or political posts from a maintainer of a critical dependency are a leading indicator worth tracking for your highest-impact packages.
- Reduce single-maintainer exposure. Know which of your critical dependencies rest on one person, and have a fork-and-pin plan ready.
How Safeguard helps
Protestware is hard because it arrives through a legitimately signed release, so the answer is not better authentication but better change intelligence. Safeguard's continuously ingested SBOM gives you an exact map of every dependency, including the deep transitive ones like node-ipc that teams rarely realize they ship. Griffin AI analyzes each new version's behavior rather than just its version number, flagging the exact patterns protestware uses — new geolocation checks, destructive filesystem operations, and unexplained dependency additions — so a "minor" bump that suddenly touches the file system is surfaced before it merges. Reachability-aware software composition analysis shows whether a flagged package actually executes in your application, and when you need to react, automated fix pull requests pin your dependency graph to a known-good version and drive the rollback through your pipeline. Because that intelligence is continuous, our pricing covers ongoing monitoring rather than one-time scans, which is what protestware demands.
Protestware is a reminder that supply-chain trust is not binary. The maintainer you trusted yesterday can publish something hostile tomorrow, so pin your versions, delay your upgrades, and inspect what actually changed.
Frequently Asked Questions
Is protestware the same as malware? Protestware is a subset of malicious code, but the intent and the origin differ. It comes from the genuine maintainer rather than an attacker, and the goal is to make a statement rather than to profit. The impact on downstream users, however, can be identical to malware, ranging from broken builds to destroyed files, which is why it belongs in any supply-chain threat model.
Why do provenance and signature checks fail to catch protestware? Because the code is signed and published by the real maintainer through the normal release channel, provenance verification confirms exactly what it is designed to confirm: that the artifact came from the legitimate source. The problem is not a forged identity but a trusted identity acting maliciously, so integrity checks pass while the payload still ships.
How can pinning dependency versions protect me from protestware? Most protestware spreads through automatic upgrades within loose version ranges. If you pin exact versions with a committed lockfile, a new protestware release cannot enter your build until a human explicitly bumps the version, giving the community time to discover and report the sabotage first.
What should I do if a dependency I use turns out to be protestware? Immediately pin to the last known-good version, then assess whether the malicious version already ran in any build or on any developer machine and rotate any secrets it could have accessed. Longer term, evaluate whether to fork the package or migrate off it, especially if it is maintained by a single volunteer with no succession plan.
Start monitoring your dependency graph at app.safeguard.sh/register, and find integration guides at docs.safeguard.sh.