GitHub Community
Replies: 2 comments
-
|
I do note this from yesterday: https://status.npmjs.org/incidents/25b12z1q22nq Though I'd assume if it's playing catch up, it would be going at a much higher throughput. Instead, it seems like the usual velocity, just with a four day delay. (However, I could be totally wrong! :-)) |
Beta Was this translation helpful? Give feedback.
-
|
Minor update: The velocity appears to have picked up over the last 12 hours and now we're up to just about 24 hours delay, so fingers crossed this was just backlog caused by the aforementioned instance and it'll be all back to normal in the next few days. I'll post an update and close if this appears to be the case. |
Beta Was this translation helpful? Give feedback.
-
Slightly odd one, this. I've used https://replicate.npmjs.com/_changes for several years to monitor updates to thousands of npm packages (easier than polling them all!) and it has worked great. However, this week the latest items coming through are all packages that were published/updated on June 14 (four days ago). Updates are coming through in a similar velocity to before, but are simply events that occurred four days ago.
This is purely speculation on my part, but I wonder if a deliberate delay has been put in place to mitigate the recently unveiled cache poisoning vulnerability? (So that attackers can't see and respond to package updates immediately.)
Beta Was this translation helpful? Give feedback.
All reactions