Why Empty NPM Package Has Over 700,000 Downloads

Share post:

An NPM package with the tag “-” has had almost 720,000 downloads since its release in the npm register at the beginning of 2020.

This is because the packet is fed whenever someone makes a typo while executing npm commands.

There is only one version of the package and this version “0.0.1” contains three files, but the contents of the files have nothing groundbreaking and mainly contain skeleton code.

The obviously useless package “-” serves as a dependency for over 50 npm packages.

But it is still something to worry about. Although the package does not contain much at the moment, it may have a newer version that is more malicious.

For more information, read the original story in Bleeping Computer.

Featured Tech Jobs

SUBSCRIBE NOW

Related articles

Cyber Security Today, April 12, 2024 – A warning to Sisense customers, a new tactic for spreading the Raspberry Robin worm, and more

A warning to Sisense customers, a new tactic for spreading the Raspberry Robin worm, and more. Welcome to Cyber Security Today. It’s Friday April 12th, 2024. I’m Howard Solomon. Organizations that use products from business analytics provider Sisense [SI-SENSE] are being told to reset user login credentials and digital keys. The warning comes from the

LinkedIn introduces verification for recruiters to combat scams

LinkedIn announced today the launch of a new verification process for job recruiters, a move aimed at curtailing...

Cyber Security Today, Week in Review for week ending Friday, April 5, 2024

This episode features a discussion on a highly critical report on the hacking of Microsoft Exchange Online email accounts, a case study of a ransomware attack and the discovery of a years-long infiltration of an open source group to insert a backdoor

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways