Who Broke NPM? Malicious Packages Flood Leading to Denial of Service
released on 2023-04-07 @ 08:23:37 PM
We’ve seen spam campaigns in open-source ecosystems over the past year, but this month was by far the worst we’ve seen yet. Apparently, attackers found the unvetted open-source ecosystems to be an easy target for SEO poisoning in support of various malicious campaigns. As long as a package name is untaken, they can publish an unlimited number of packages.