Stop using third-party packages that have many dependencies the author did not check before using them

33. "Remove every backend project that uses Node third-party packages; they might have a backdoor that could use your VPS as the attacker's VPS, acting as a general web client for hackers."


It is even worse if you run npm as root on the VPS, because npm will always pull a new version of a package or sub-package. How can you be sure that your 3000 dependencies will not contain a virus that uses your VPS root permissions to do harm?


The same applies to other package managers, for example Python pip, Go modules, Java packages, Rust crates and Flutter packages. In Chinese, people usually call a machine running such software a 'rou ji' (肉鸡, a compromised machine that does someone else's work).



"""

Using a package manager's feature of automatically updating to new versions, setting up remote control is trivial.

Even without updating, an existing package, binary or script only needs to send one POST to the hacker's server, and they know whether your computer can be controlled.

For a root device, being controlled means being completely controlled; for an ordinary device, it means being used as a hacker's web client, which can be used to send spam and register junk accounts online.

By then your IP will be treated as a bad IP and blocked by servers.

"""