Simon Willison’s Weblog

Thursday, 11th January 2018

Incident report: npm. Fascinating insight into the challenges involved in managing a massive-scale community code repository. An algorithm incorrectly labeled a legit user as spam, an npm staff member acted on the report, and dependent package installations started failing. Because the package had been removed as spam, other users were able to try to fix the bug by publishing fresh copies of the missing package to the same namespace.

# 5:27 pm / security, spammers, npm
