Archive: https://archive.today/qxSFY
From the post:
>Roughly 1% of the entire npm ecosystem now consists of bogus, dormant packages that were uploaded as part of a years-long targeted - and potentially malicious - campaign, experts have claimed. Cybersecurity researchers Endor Labs discovered more than 43,000 spam packages which took almost two years to upload in a coordinated effort that took at least 11 distinct user accounts to pull off. “The packages were systematically published over an extended period, flooding the npm registry with junk packages that survived in the ecosystem for almost two years,” the researchers said.