Erroneous 'Spam' Flag Affected 102 npm Packages
Joined: Oct 24 2009
Last Active: Never/Not tracked
Total Active: Never/Not tracked
Timezone: GMT+ -7
Last Page Viewed:
January 13 '18 at 08:50 AM
By EditorDavid from
Slashdot's false-flags department
There was some trouble last weekend at the world's largest package repository. An anonymous reader quotes the official npm blog:
On Saturday, January 6, 2018, we incorrectly removed the user floatdrop and blocked the discovery and download of all 102 of their packages on the public npm Registry. Some of those packages were highly depended on, such as require-from-string, and removal disrupted many users' installations... Within 60 seconds, it became clear that floatdrop was not a spammer -- and that their packages were in heavy use in the npm ecosystem. The staffer notified colleagues and we re-activated the user and began restoring the packages to circulation immediately. Most of the packages were restored quickly, because the restoration was a matter of unsetting the deleted tombstones in our database, while also restoring package data tarballs and package metadata documents. However, during the time between discovery and restoration, other npm users published a number of new packages that used the names of deleted packages. We locked this down once we discovered it, but cleaning up the overpublished packages and inspecting their contents took additional time...
article continued at Slashdot's false-flags department
Forgot name or password?
Click here to get them
Not a member?
Click here to join
: Large flux of old-but-been-broken news stories coming through.
: Need that for all dialogue in all things ever. Gone with the Wind: Gilbert Gottfried version
: Dream do come true. Gilbert Gottfried https://www.youtube.com/watch?v=3H3xQzQauyY