Nicholas C. Zakas on Nostr: Periodically we get weird PRs to ESLint that don't seem to make any sense. I've ...
Published at 2024-04-15 21:46:35

Event JSON
{
  "id": "3680a07a8f5d57b3e68b949349df2c250c4924469643feb2a4421d80158808a1",
  "pubkey": "21cc6d0e6d238b9fdf58bc25d6f83c4fd7b90e12497a6fc5b655b0f5bebaef6e",
  "created_at": 1713217595,
  "kind": 1,
  "tags": [
    [
      "proxy",
      "https://fosstodon.org/users/nzakas/statuses/112277428353806454",
      "activitypub"
    ]
  ],
  "content": "Periodically we get weird PRs to ESLint that don't seem to make any sense. I've always assumed they were some kind of penetration test to see how easy it was to land code. This type of stuff happens all the time in OSS and it's not talked about enough.\n\nhttps://openjsf.org/blog/openssf-openjs-alert-social-engineering-takeovers",
  "sig": "f2ecb1c4c2b7e66c7bd0024c56b14225ab4c1fd99159e949293e0c9933e053d6a078051869de2b8d957ea512502e043e8b9b7587b2040ace06fb87e5bd9811e1"
}