all InfoSec news
Devs flood npm with 15,000 packages to reward themselves with Tea 'tokens'
Malware Analysis, News and Indicators - Latest topics malware.news
We have repeatedly come across cases involving open source registries like npm and PyPI being flooded with thousands of packages in a short span of time. Typically, such surges in publishing activity are related to malware, dependency confusion PoCs, or just ...annoying SEO spam leveraging these registries.
It's not every day though that we see a virtually benign flood of packages that otherwise aren't conducting anything dangerous — well then, why the flood?
Article Link: Devs flood npm with …
cases dependency dependency confusion flood malware npm npm and pypi open source packages pocs publishing pypi reward seo seo spam spam span tokens