-
peacenotwar
Discontinued. Attempts to determine whether the computer it's running on has an IP address originating from Russia or Belarus. If it does, then depending on the version of the malware, it either attempts to delete all files on the computer or creates a text file on the computer's desktop protesting the war in Ukraine.
Today, with an ongoing war between Russia and Ukraine, some open source maintainers have taken it upon themselves to protest the war via changes to their code that express anti-war rhetoric via messages that display when the software is run. However, one maintainer in particular took it to the next level. Brandon Nozaki Miller published a library on GitHub named peacenotwar that simply printed an anti-war message to the computer it was run on. This package is harmless on its own, but things got interesting when he included this package as a dependency in the node-ipc module he maintains. Users who downloaded the latest version of node-ipc to a machine in Russia would be subject to complete data destruction. Miller defended the act by claiming that this is all documented publicly and that users who don’t want this installed on their machine should lock their dependencies to older versions.
-
ongdb
ONgDB is an independent fork of Neo4j® Enterprise Edition version 3.4.0.rc02 licensed under AGPLv3 and/or Community Edition licensed under GPLv3
The court ruled that only the licensor is allowed to remove additional license restrictions beyond the AGPL and that the Graph Foundation is in violation of Neo4j’s copyright claim. The Open Source Initiative and the Software Freedom Conservancy have both come out in opposition to the court ruling and they claim that the original intention of the AGPL was to give licensees the right to do exactly what the Graph Foundation did in this situation. This is only a preliminary injunction, and it seems likely that this ruling will be appealed. In the meantime, the code for the project is still available on GitHub, and you can read the full ruling here.
-
Dagger - A portable dev kit for CI/CD from the founder of Docker.
-
EdenSCM
Discontinued. A Scalable, User-Friendly Source Control System. [Moved to: https://github.com/facebook/sapling]
Eden - a cross-platform, scalable source control management system from Meta.
-
FastTreeSHAP - A Python package from LinkedIn for fast interpretation of the TreeSHAP algorithm.
-
xGitGuard - A security tool from Comcast to detect secrets exposed on GitHub repositories.
-
meta-code-verify
Code Verify is an open source web browser extension that confirms that your Facebook, Messenger, Instagram, and WhatsApp Web code hasn’t been tampered with or altered, and that the Web experience you’re getting is the same as everyone else’s.
Code Verify - A browser extension from Meta for verifying the integrity of web pages and detecting executed code that’s not included in the site manifest.
-
access-undenied-aws
Access Undenied parses AWS AccessDenied CloudTrail events, explains the reasons for them, and offers actionable remediation steps. Open-sourced by Ermetic.
Access Undenied on AWS - A security tool from Ermetic to analyze AccessDenied events on AWS CloudTrail.