A self-propagating worm known as the Indonesian Foods Worm has been discovered on npm, flooding the package registry with new packages at an alarming rate. The worm is capable of generating multiple junk packages every seven seconds, and the total has already reached a staggering figure of more than 100,000 published packages. This behavior not only clutters the registry but may also hinder the usability of npm for developers and users seeking legitimate packages.
The implications of such a spamming campaign in the npm ecosystem are significant. Users may struggle to find useful libraries amid the junk, and developers could face increased challenges when managing their dependencies. The incident also raises important questions about the security measures in place within package registries like npm, highlighting the need for stronger controls to prevent similar malware from causing disruption in the future.
👉 Read the original: BleepingComputer