Reblogged by keul@fosstodon.org ("Luca Fabbri"):
jalefkowit@octodon.social ("Jason Lefkowitz") wrote:
"An npm user named PatrickJS, aka gdi2290, threw us a curveball. He (along with a group of contributors) kicked off the year with a bang, launching a troll campaign that uploaded an npm package aptly named everything. This package, true to its name, depends on every other public npm package, creating millions of transitive dependencies.
The everything package and its 3,000+ sub-packages have caused a Denial of Service (DOS) for anyone who installs it."
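The mechanism behind the quoted story is a dependency closure that explodes: one package whose direct dependencies pull in every other package. The following is an added example, not code from the post, from npm or from the `everything` package's authors; it shows a pre-install budget check over a lockfile-style dependency graph. The graph `SAMPLE_GRAPH` is constructed, the `maxDeps` threshold is an assumed policy value, and `graphFromLockfile` assumes the `packages` map layout of package-lock.json v2/v3 (keys like `node_modules/<name>`, each with a `dependencies` object), flattening nested copies by package name.

```javascript
// Added example: count the transitive dependency closure of a package
// and refuse installs whose closure exceeds a budget. Catches the
// "depends on everything" pattern before the install runs.

// Constructed lockfile-style graph (name -> direct dependency names).
// "everything" pulls in every other package; "small-app" pulls in two.
const SAMPLE_GRAPH = {
  "small-app": ["left-pad", "ms"],
  "left-pad": [],
  "ms": [],
  "everything": ["small-app", "left-pad", "ms", "lodash", "express"],
  "lodash": [],
  "express": ["ms", "debug"],
  "debug": ["ms"],
};

// Breadth-first walk counting distinct transitive dependencies of `root`.
// Tolerates cycles (visited set) and packages missing from the graph.
function countTransitiveDeps(graph, root) {
  const seen = new Set();
  const queue = [root];
  while (queue.length > 0) {
    const name = queue.shift();
    for (const dep of graph[name] || []) {
      if (!seen.has(dep)) {
        seen.add(dep);
        queue.push(dep);
      }
    }
  }
  seen.delete(root); // a package reached through a cycle is not its own dependency
  return seen.size;
}

// Budget gate: ok=false means "do not install", with the offending count.
function checkInstallBudget(graph, root, maxDeps) {
  const count = countTransitiveDeps(graph, root);
  return { root, count, ok: count <= maxDeps };
}

// Convert a parsed package-lock.json (v2/v3 "packages" map; assumption)
// into the name -> [deps] shape above. The root project entry ("") is
// stored under "." so the whole install can be budgeted. Nested copies
// (node_modules/a/node_modules/b) are collapsed by name, which is enough
// for a closure count but loses version precision.
function graphFromLockfile(lock) {
  const graph = {};
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const name = path === "" ? "." : path.split("node_modules/").pop();
    graph[name] = Object.keys(entry.dependencies || {});
  }
  return graph;
}

// Stand-alone run: budget of 5 transitive packages (assumed policy value).
if (typeof require !== "undefined" && require.main === module) {
  for (const pkg of ["small-app", "everything"]) {
    console.log(checkInstallBudget(SAMPLE_GRAPH, pkg, 5));
  }
}
```

In a CI or pre-install hook you would run `graphFromLockfile` on the parsed lockfile and gate on `checkInstallBudget(graph, ".", maxDeps)`; the useful signal is the count itself, so log it on every run rather than only on failure, which makes a sudden jump in closure size visible in review.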