[xmprt]

To give a more realistic answer to this question, when I was writing an article about npm dependencies[1], I incidentally came upon a case where the developer of node-ipc released a malicious version of the package that affected computers in Russian and Belarusian IPs specifically in response to the Ukraine war[2].

[1]: https://www.preethamrn.com/posts/who-actually-uses-is-odd

[2]: https://www.bleepingcomputer.com/news/security/big-sabotage-...

[aleksandrh]

And then claimed his GitHub was "hacked" to save his ass. And was somehow not banned by GitHub despite clearly violating their TOS.

[dontupvoteme]

I forgot about that targeted malware for a while, thanks for jogging my memory.

Imagine now if he had done that towards Israelis or Arabs/Palestinians and how both the internet and governments would react.

He only got away with such blatant crime because the entire west was against Russia. Mad that the overton window went so wide for a while there.