GitHub Community
Spam packages in the registry
#131693
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
-
I've noticed a huge influx of spam packages on npm, which seem to be trying to game the
tea.xyzprotocol. All of the ones I've spotted have been created by a template repo which uses github scheduled actions to continuously create new versions. Has anyone else noticed this? This article from web3isgoinggreat from a few months ago goes over the issue, but this seems to be a new wave and hasn't been covered yet. This spam has really made my process for finding hidden gems (as in, good packages, not rubygems) on npm basically impossible.Beta Was this translation helpful? Give feedback.
All reactions