Crypto enthusiasts flood npm with more than 281,000 bogus packages overnight
2024-8-20 04:16:0 Author: securityboulevard.com

Crypto enthusiasts have lately been flooding software registries like npm and PyPI with thousands of bogus packages that add no functional value and instead put a strain on the entire open source ecosystem.

A single instance, recorded by Sonatype in July 2024, saw 281,512 distinct packages appearing on the npmjs.com registry overnight — each package named a gibberish Latin phrase akin to Lorem Ipsum. 

*** This is a Security Bloggers Network syndicated blog from 2024 Sonatype Blog authored by Ax Sharma. Read the original post at: https://www.sonatype.com/blog/crypto-enthusiasts-flood-npm-with-281000-bogus-packages-overnight


Article source: https://securityboulevard.com/2024/08/crypto-enthusiasts-flood-npm-with-more-than-281000-bogus-packages-overnight/