Don’t Trust Open-Source Software in 2022 (Or Ever?)

The open-source community, and the concept in general, are mostly considered a good thing. Maintainers of free software are praised, as in most cases they dedicate their own time and money to making sure the apps and modules they develop or look after can be used by the rest of the world. And they use this power to make the world a better place.

Except when they go a bit too far.

I Will Strike Down Upon Thee!

When was the last time you audited the code of the open-source software you use on a daily basis?

Well, get used to doing that regularly from now on. RIAEvangelist, the maintainer of a popular Node.js module named "node-ipc", apparently came to the realization that he gets to decide the fate of some users' files: he recently published an update to the module that does something which technically falls under the "malware" category. The update added hidden functionality that recursively walks the user's files and overwrites the contents of each one with the ❤️ (heart emoji) if an IP geolocation lookup places the machine in Russia or Belarus. Nothing in the package name, version bump or changelog gave this away; anyone whose build pulled in the affected versions, directly or through a transitive dependency, got the payload.

Insane IP geo patch that overwrites files

Apparently this was supposed (?) to help (?) stop (?) the ongoing conflict between Russia and Ukraine? Don't ask... I don't get it either.