Why Empty NPM Package Has Over 700,000 Downloads

An npm package named “-” has had almost 720,000 downloads since its release in the npm registry at the beginning of 2020.

This is because the package is downloaded whenever someone makes a typo while executing npm commands.

There is only one version of the package, “0.0.1”. It contains three files, but they hold nothing notable and consist mainly of skeleton code.

The obviously useless package “-” serves as a dependency for over 50 npm packages.

But it is still something to worry about. Although the package does not contain much at the moment, a newer version could be published that is malicious.
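One way to check a project for this accidental dependency, as an added example that is not from the original story: the script below flags a dependency literally named “-” in a package.json object and flags npm install commands that carry a bare `-` token. The typo shape (a space after the hyphen of a flag), the function names and all sample data are assumptions constructed for illustration.

```javascript
// Added example: find the accidental "-" package in manifests and npm commands.
// Sample manifest and command lines are constructed, not taken from a real project.
const DEP_FIELDS = ["dependencies", "devDependencies",
                    "optionalDependencies", "peerDependencies"];
const INSTALL_CMDS = new Set(["install", "i", "add"]);
const SHELL_SEPARATORS = new Set(["&&", "||", ";", "|"]);

// Return the manifest fields that declare a dependency literally named "-".
function findDashDependency(manifest) {
  return DEP_FIELDS.filter((field) =>
    Object.prototype.hasOwnProperty.call(manifest[field] || {}, "-"));
}

// Return true when an npm install command contains a bare "-" token.
// npm receives such a token as a positional argument, i.e. a package name.
// Tokenization is plain whitespace splitting; quoted arguments are not handled.
function hasStrayDash(commandLine) {
  const tokens = commandLine.trim().split(/\s+/);
  const npmAt = tokens.indexOf("npm");
  if (npmAt === -1 || !INSTALL_CMDS.has(tokens[npmAt + 1])) return false;
  for (const tok of tokens.slice(npmAt + 2)) {
    if (SHELL_SEPARATORS.has(tok)) return false; // next shell command begins
    if (tok === "-") return true;
  }
  return false;
}

// Combine both checks for one project.
function audit(manifest, commandLines) {
  return {
    manifestFields: findDashDependency(manifest),
    commands: commandLines.filter(hasStrayDash),
  };
}

const sampleManifest = {
  name: "demo-app",
  dependencies: { "-": "0.0.1", express: "^4.18.0" },
  devDependencies: { jest: "^29.0.0" },
};
const sampleCommands = [
  "npm install - g typescript",            // typo: "-g" split in two
  "npm i -D eslint",                       // correct flag usage
  "cd app && npm install express - -save", // typo: "--save" split in two
  "npm run build - ",                      // not an install command
];

console.log(audit(sampleManifest, sampleCommands));
```

Running the same checks over CI scripts and README install instructions catches the typo before it is saved into package.json.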

For more information, read the original story in Bleeping Computer.
