1 year ago

A denial of service attack happened briefly after three attackers flooded the npm open source package repository for Node.js with bogus packets, according to https://thehackernews.com/2023/04/hackers-flood-npm-with-bogus-packages.html. “The attacks caused a denial-of-service (DoS) that made npm unstable with sporadic ‘Service Unavailable’ errors,” he noted. “The campaigns included a malware infection campaign, a referral scam campaign linked to AliExpress, and a crypto scam campaign targeting Russian users on Telegram.” The https://thenewstack.io/is-npm-a-hotbed-of-malware/ is a package manager for JavaScript maintained by npm, Inc. and is also the default package manager for the https://thenewstack.io/what-typescript-brings-to-node-js/. This was the worst month for attacks on the open source ecosystems in the past year, but March was by far the worst one we’ve seen yet, Kadouri said.