💾 Archived View for dioskouroi.xyz › thread › 29378526 captured on 2021-11-30 at 20:18:30. Gemini links have been rewritten to link to archived content
it was removed and separated into its own package some time ago to prevent code scanners from identifying it as a virus/malware since it means it is no longer part of the published npm package.
This should've been a pretty clear hint that this sort of thing is not ok.
This is a really stupid amount of work for a supposed Easter egg.
I develop in this ecosystem regularly and I'm still waiting for the day that everyone else acknowledges that downloading and running arbitrary code is a bug, not a feature...
I think I'll be waiting forever - this sets a really bad example.
There was a time when easter eggs used to be ok.
In today’s malware-ridden world, there should be no more room for easter eggs. All projects should voluntarily abolish and ban them.
OP of the issue here - I literally talk about this in the thread. Easter eggs are cool, but obfuscated payloads in critical code are not.
> Hi, While I appreciate easter eggs (and think others have it a bit too much out for them), the fact that this easter egg is obfuscated sets off multiple alarm bells. The automated code scanners were right -- this looks like malware!
> [...]
> If this easter egg was unobfuscated, I would've just looked at it and gone "that's neat", but the fact that this was obfuscated to look like malware means I have to spend 10 mins checking that it isn't actually malicious. It would be nice if the easter egg was kept but de-obfuscated so others aren't concerned by it.