In case someone stumbles upon this now, Prettier got caught running a crypto miner on users' computers: https://programming.dev/post/28214590
this post was submitted on 28 Nov 2023
37 points (97.4% liked)
JavaScript
2311 readers
2 users here now
founded 2 years ago
MODERATORS
A set of ten VSCode extensions on Microsoft's Visual Studio Code Marketplace pose as legitimate development tools
Real one has way more installs?
https://marketplace.visualstudio.com/items?itemName=esbenp.prettier-vscode
Well spotted. https://securityonline.info/malicious-vscode-extensions-caught-mining-crypto-with-xmrig/ This news article has a link to this listing: https://app.extensiontotal.com/report/prettierteam.prettier
Notably, the developer name is different.
So cool. Curious, Why do they need to specify that the project has to be implemented in Rust?
If I had to guess the motivation, it would probably be that:
- Rust is a systems language known for performance and correctness, which makes it a good candidate for their stated goal of having a competitor to encourage performance and correctness within Prettier
- Rust is popular and relatively well-known among open source developers, more so than any comparable language except maybe Go
- Rust is a hip language that probably added some free publicity to their announcement
That's clever. Now Zig or any language that wants to compete with Rust would want to to come up with a better project to take the fame.
So cool. Curious, Why do they need to specify that the project has to be implemented in Rust?
Possibly because some people think that, much like MongoDB, Rust is web scale.