npm is Scam-Spam Cesspool ¦ Google in Microsoft Antitrust Thrust

In General
March 31, 2023

Welcome to The Long View—where we peruse the news of the week and strip it to the essentials. Let’s work out what really matters.

This week: The npm registry suffers spam infestation, and Microsoft makes Google sad.

1. Spam in npm

First up this week: Scammers and SEO scrotes are flooding the npm repo with spammy packages. Of course, this is exactly what always happens when you offer a free service for shared blobs.

Analysis: New Problems Mount

Unpopular opinion: It’s time to do away with centralized repos.

Gabi Dobocan: One In Two New Npm Packages Is SEO Spam

Tip of the iceberg
Out of the ~320k new npm packages or versions … over the past week, at least ~185k [are] SEO spam. Just in the last hour as of writing this article, 1583 new e-book spam packages have been published. All … are currently live on npmjs.com.

Most of the spam packages … come from a single … malicious Telegram channel, with over 7k members … targeting Russian-speaking people….
