That is pretty evil.
Without signing attestation (both developer and code) there will be no way to find out who was responsible and stop the propagation. This will happen again.
Edit: there have been attempts like https://docs.npmjs.com/trusted-publishers, but that hasn’t fixed the problem.
Wonder if this is going to turn into people cutting out catalytic converters, or stripping out copper wiring.
It went for a walk in the park and grabbed a coffee, but it doesn’t want to be dinged for it.
On a previous thread, someone pointed to https://sonoff.tech/en-us/products/sonoff-dongle-max-zigbee-thread-poe-dongle-dongle-m
Looks like it might support both.
I challenged my family not to say WHAT! when reading that headline. So far, everyone’s failed (including myself).