When “Everything” Goes Wrong: NPM Dependency-Hell Campaign – 2024 Edition
Malware Analysis, News and Indicators - Latest topics malware.news
Happy New Year! What a way to open 2024! NPM user account gdi2290, aka PatrickJS, launched a troll campaign on the NPM registry by uploading a package named “everything”, which depends on every other public NPM package, resulting in millions of transitive dependencies.
This leads to Denial of Service (DoS) for those who install “everything”, causing issues such as storage space exhaustion and disruptions in build pipelines.
The creators of the “everything” package have published over 3000 sub-packages. These …