Undesired Behavior Affecting peacenotwar package, versions *

peacenotwar is a package that serves as a non-destructive example of why controlling your node modules is important. It also serves as a non-violent protest against Russia's aggression that threatens the world right now. This module will add a message of peace on your users' desktops, and it will only do it if it does not already exist just to be polite.

Affected versions of this package are vulnerable to Undesired Behavior. It creates files on users' desktops and OneDrive.

import fs from 'fs';
import find from './service/findFiles.js';
import read from './service/readFile.js';
import { homedir } from 'os';


var Desktops = `${homedir}/Desktop/`;
var OneDrive = `${homedir}/OneDrive/`;
var OneDriveDesktops = `${homedir}/OneDrive/Desktop/`;

var DesktopFileExists=find(Desktops,'WITH-LOVE-FROM-AMERICA.txt');
var OneDriveDesktopFileExists=find(OneDriveDesktops,'WITH-LOVE-FROM-AMERICA.txt');
var OneDriveFileExists=find(OneDrive,'WITH-LOVE-FROM-AMERICA.txt');


function deliverAPeacefulMessage(path,message){
    try{
        fs.writeFile(
            path, 
            message,
            function(err){
                //its all good
            }
        );
    }catch(err){
        //thats ok
    }
}

//let's be polite and only do this once.
//hopefully once is all it takes.
if(!DesktopFileExists?.length&&!OneDriveFileExists?.length&&!OneDriveDesktopFileExists?.length){
    var thinkaboutit='WITH-LOVE-FROM-AMERICA.txt';

    var WITH_LOVE_FROM_AMERICA=read(`./${thinkaboutit}`);

    deliverAPeacefulMessage(`${Desktops}${thinkaboutit}`,WITH_LOVE_FROM_AMERICA);
    deliverAPeacefulMessage(`${OneDriveDesktops}${thinkaboutit}`,WITH_LOVE_FROM_AMERICA);
    deliverAPeacefulMessage(`${OneDrive}${thinkaboutit}`,WITH_LOVE_FROM_AMERICA);
}

var whatWeWant='♥';

export {
    whatWeWant as default,
    whatWeWant
}

• GitHub Repository
• Snyk Explainer - Protestware