This is malicious and contrary to everything Open Source stands for. You can just guarantee this rather hits the regular people barely making a living with their limited JS skills instead of any higher ups or military.

If you want peace, you should be peaceful.

Additionally, this shows how fucked the JS ecosystem is. Node and npm in particular are the playground of so many malicious actors it’s laughable people still use them.

I think it’s a petty action because if there was a bug it could affect everyone indirectly.

What a great way to make russians and belarusians hate you more than they already do.