Pretty much every developer uses some third-party libraries — with millions of developers sharing their creations with the world, leveraging existing modules to help solve your tasks is a smart use of time. But using somebody else’s code means trusting the developers of that code. BitPay, developers of the Copay cryptowallet, recently ran up against the shortcomings of using open-source third-party assets.
One of those is an open-source Node.js module called event-stream. Its repository on the version control service GitHub was maintained by a developer who had lost interest in the project long ago and hadn’t really taken part in the repository’s fate in several years. So, when some other developer with little to no previous activity on GitHub approached him and asked whether he could have the admin rights to maintain the repository, the original developer gave that person access rights.
>> Read : A bad link in the cryptochain
Source : kaspersky