top

NPM Removes Malicious JavaScript Packages From The NPM Registry

On August 1, npm, Inc. revealed that recently they have eliminated about 40 JavaScript programming language packages that were caught stealing environment variables upon installation. "The package naming was both deliberate and malicious – the intent was to collect useful data from tricked users," npm explained. According to npm, on July 19, a user named Hack Task uploaded 40 JavaScript packages that are identical to some popular npm packages names. These packages were downloaded approximately 700 times before they were removed. npm described that there were only about 50 real installations out of 700 and the remaining came from registry mirrors. At first, a Swedish user informed npm via Twitter that a package with a name very similar to the cross-env package was engaged in suspicious activity. "If you downloaded and installed any of these packages, you should immediately revoke and replace any credentials you might have had in your shell environment," npm advised. Finally, npm banned the user Hack Task and reported that their developers are analyzing different approaches to prevent future occurrences of malicious typosquatting. "There are programmatic ways to detect this, and we might use them to block publication," explained in npm blog post. "We're using the Smyte service [a trust and safety SaaS offering] to detect spam as it is published to the registry, and will be experimenting with using it to detect other kinds of violations of our terms of service." Source: NPM Official Blog
Rated 4.0/5 based on 20 customer reviews
  1. Home
  2. Magazine
  3. NPM Removes Malicious JavaScript Packages From The NPM Registry
Normal Mode Dark Mode

NPM Removes Malicious JavaScript Packages From The NPM Registry

Geneva Clark
What's New
16th Aug, 2017
NPM Removes Malicious JavaScript Packages From The NPM Registry

On August 1, npm, Inc. revealed that recently they have eliminated about 40 JavaScript programming language packages that were caught stealing environment variables upon installation. "The package naming was both deliberate and malicious – the intent was to collect useful data from tricked users," npm explained.

According to npm, on July 19, a user named Hack Task uploaded 40 JavaScript packages that are identical to some popular npm packages names. These packages were downloaded approximately 700 times before they were removed. npm described that there were only about 50 real installations out of 700 and the remaining came from registry mirrors.

At first, a Swedish user informed npm via Twitter that a package with a name very similar to the cross-env package was engaged in suspicious activity. "If you downloaded and installed any of these packages, you should immediately revoke and replace any credentials you might have had in your shell environment," npm advised.

Finally, npm banned the user Hack Task and reported that their developers are analyzing different approaches to prevent future occurrences of malicious typosquatting. "There are programmatic ways to detect this, and we might use them to block publication," explained in npm blog post. "We're using the Smyte service [a trust and safety SaaS offering] to detect spam as it is published to the registry, and will be experimenting with using it to detect other kinds of violations of our terms of service."

Source: NPM Official Blog

Geneva

Geneva Clark

Blog Author
Geneva specializes in back-end web development and has always been fascinated by the dynamic part of the web. Talk to her about modern web applications and she and loves to nerd out on all things Ruby on Rails.

Leave a Reply

Your email address will not be published. Required fields are marked *

SUBSCRIBE OUR BLOG

TRENDING BLOG POSTS

Python in a Nutshell: Everything That You Need to Know

Python is one of the best known high-level programming languages in the world, like Java. It’s steadily gaining traction among programmers because it’s easy to integrate with other technologies and offers more stability and higher coding productivity, especially when it comes to mass projects with volatile requirements. If you’re considering learning an object-oriented programming language, consider starting with Python.A Brief Background On Python It was first created in 1991 by Guido Van Rossum, who eventually wants Python to be as understandable and clear as English. It’s open source, so anyone can contribute to, and learn from it. Aside from supporting object-oriented programming and imperative and functional programming, it also made a strong case for readable code. Python is hence, a multi-paradigm high-level programming language that is also structure supportive and offers meta-programming and logic-programming as well as ‘magic methods’.More Features Of PythonReadability is a key factor in Python, limiting code blocks by using white space instead, for a clearer, less crowded appearancePython uses white space to communicate the beginning and end of blocks of code, as well as ‘duck typing’ or strong typingPrograms are small and run quickerPython requires less code to create a program but is slow in executionRelative to Java, it’s easier to read and understand. It’s also more user-friendly and has a more intuitive coding styleIt compiles native bytecodeWhat It’s Used For, And By WhomUnsurprisingly, Python is now one of the top five most popular programming languages in the world. It’s helping professionals solve an array of technical, as well as business problems. For example, every day in the USA, over 36,000 weather forecasts are issued in more than 800 regions and cities. These forecasts are put in a database, compared to actual conditions encountered location-wise, and the results are then tabulated to improve the forecast models, the next time around. The programming language allowing them to collect, analyze, and report this data? Python!40% of data scientists in a survey taken by industry analyst O’Reilly in 2013, reported using Python in their day-to-day workCompanies like Google, NASA, and CERN use Python for a gamut of programming purposes, including data scienceIt’s also used by Wikipedia, Google, and Yahoo!, among many othersYouTube, Instagram, Quora, and Dropbox are among the many apps we use every day, that use PythonPython has been used by digital special effects house ILM, who has worked on the Star Wars and Marvel filmsIt’s often used as a ‘scripting language’ for web apps and can automate a specific progression of tasks, making it more efficient. That’s why it is used in the development of software applications, web pages, operating systems shells, and games. It’s also used in scientific and mathematical computing, as well as AI projects, 3D modelers and animation packages.Is Python For You? Programming students find it relatively easy to pick up Python. It has an ever-expanding list of applications and is one of the hottest languages in the ICT world. Its functions can be executed with simpler commands and much less text than most other programming languages. That could explain its popularity amongst developers and coding students.If you’re a professional or a student who wants to pursue a career in programming, web or app development, then you will definitely benefit from a Python training course. It would help if you have prior knowledge of basic programming concepts and object-oriented concepts. To help you understand how to approach Python better, let’s break up the learning process into three modules:Elementary PythonThis is where you’ll learn syntax, keywords, loops data types, classes, exception handling, and functions.Advanced PythonIn Advanced Python, you’ll learn multi-threading, database programming (MySQL/ MongoDB), synchronization techniques and socket programming.Professional PythonProfessional Python involves knowing concepts like image processing, data analytics and the requisite libraries and packages, all of which are highly sophisticated and valued technologies.With a firm resolve and determination, you can definitely get certified with Python course!Some Tips To Keep In Mind While Learning PythonFocus on grasping the fundamentals, such as object-oriented programming, variables, and control flow structuresLearn to unit test Python applications and try out its strong integration and text processing capabilitiesPractice using Python’s object-oriented design and extensive support libraries and community to deliver projects and packages. Assignments aren’t necessarily restricted to the four-function calendar and check balancing programs. By using the Python library, programming students can work on realistic applications as they learn the fundamentals of coding and code reuse.
Rated 4.5/5 based on 12 customer reviews
Python in a Nutshell: Everything That You Need to Know

Python in a Nutshell: Everything That You Need to Know

Blog

The Ultimate Guide to Node.Js

IT professionals have always been in much demand, but with a Node.js course under your belt, you will be more sought after than the average developer. In fact, recruiters look at Node js as a major recruitment criterion these days.  Why are Node.js developers so sought-after, you may ask. It is because Node.js requires much less development time and fewer servers, and provides unparalleled scalability.In fact, LinkedIn uses it as it has substantially decreased the development time. Netflix uses it because Node.js has improved the application’s load time by 70%. Even PayPal, IBM, eBay, Microsoft, and Uber use it. These days, a lot of start-ups, too, have jumped on the bandwagon in including Node.js as part of their technology stack.The Course In BriefWith a Nodejs course, you learn beyond creating a simple HTML page, learn how to create a full-fledged web application, set up a web server, and interact with a database and much more, so much so that you can become a full stack developer in the shortest possible time and draw a handsome salary. The course of Node.js would provide you a much-needed jumpstart for your career.Node js: What is it?Developed by Ryan Dahl in 2009, Node.js is an open source and a cross-platform runtime environment that can be used for developing server-side and networking applications.Built on Chrome's JavaScript runtime (V8 JavaScript engine) for easy building of fast and scalable network applications, Node.js uses an event-driven, non-blocking I/O model, making it lightweight and efficient, as well as well-suited for data-intensive real-time applications that run across distributed devices.Node.js applications are written in JavaScript and can be run within the Node.js runtime on different platforms – Mac OS X, Microsoft Windows, Unix, and Linux.What Makes Node js so Great?I/O is Asynchronous and Event-Driven: APIs of Node.js library are all asynchronous, i.e., non-blocking. It simply means that unlike PHP or ASP, a Node.js-based server never waits for an API to return data. The server moves on to the next API after calling it. The Node.js has a notification mechanism (Event mechanism) that helps the server get a response from the previous API call.Superfast: Owing to the above reason as well as the fact that it is built on Google Chrome's V8 JavaScript Engine, Node JavaScript library is very fast in code execution.Single Threaded yet Highly Scalable: Node.js uses a single threaded model with event looping, in which the same program can ensure service to a much larger number of requests than the usual servers like Apache HTTP Server. Its Event mechanism helps the server to respond promptly in a non-blocking way, eliminating the waiting time. This makes the server highly scalable, unlike traditional servers that create limited threads to handle requests.No buffering: Node substantially reduces the total processing time of uploading audio and video files. Its applications never buffer any data; instead, they output the data in chunks.Open source: Node JavaScript has an open source community that has produced many excellent modules to add additional capabilities to Node.js applications.License: It was released under the MIT license.Eligibility to attend Node js CourseThe basic eligibility for pursuing Node training is a Bachelors in Computer Science, Bachelors of Technology in Computer Science and Engineering or an equivalent course.As prerequisites, you would require intermediate JavaScript skills and the basics of server-side development.CertificationThere are quite a few certification courses in Node Js. But first, ask yourself:Do you wish to launch your own Node applications or work as a Node developer?Do you want to learn modern server-side web development and apply it on apps /APIs?Do you want to use Node.js to create robust and scalable back-end applications?Do you aspire to build a career in back-end web application development?If you do, you’ve come to the right place!Course CurriculumA course in Node JavaScript surely includes theoretical lessons; but prominence is given to case studies, practical classes, including projects.  A good certification course would ideally train you to work with shrink-wrap to lock the node modules, build a HTTP Server with Node JS using HTTP APIs, as well as about important concepts of Node js like asynchronous programming, file systems, buffers, streams, events, socket.io, chat apps, and also Express.js, which is a flexible, yet powerful web application framework.Have You Decided Yet? Now that you know everything there is to know about why you should pursue a Node js course and a bit about the course itself, it is time for you to decide whether you are ready to embark on a journey full of exciting technological advancements and power to create fast, scalable and lightweight network applications.
Rated 4.5/5 based on 6 customer reviews
The Ultimate Guide to Node.Js

The Ultimate Guide to Node.Js

Blog

MIT’s new automated ML runs 100x faster than human Data Scientists

According to Michigan State University and MIT, automated machine learning system analyses the data and deliver a solution 100x faster than one human. The automated machine learning platform which is known as ATM (Auto Tune Models) uses cloud-based, on demand computing to accelerate data analysis. Researchers of MIT tested the system through open-ml.org, a collaborative crowdsourcing platform, on which data scientists collaborate to resolve problems. They found that ATM evaluated 47 datasets from the platform and the system was capable to deliver a solution that is better than humans. It took nearly 100 days for data scientists to deliver a solution, while it took less than a day for ATM to design a better-performing model. "There are so many options," said Ross, Franco Modigliani professor of financial economics at MIT, told MIT news. "If a data scientist chose support vector machines as a modeling technique, the question of whether she should have chosen a neural network to get better accuracy instead is always lingering in her mind." ATM searches via different techniques and tests thousands of models as well, analyses each, and offers more resources that solves the problem effectively. Then, the system exhibits its results to help researchers compare different methods. So, the system is not automating the human data scientists out of the process, Ross explained. "We hope that our system will free up experts to spend more time on data understanding, problem formulation and feature engineering," Kalyan Veeramachaneni, principal research scientist at MIT's Laboratory for Information and Decision Systems and co-author of the paper, told MIT News. Auto Tune Model is now made available for companies as an open source platform. It can operate on single machine, on-demand clusters, or local computing clusters in the cloud and can work with multiple users and multiple datasets simultaneously, MIT noted. "A small- to medium-sized data science team can set up and start producing models with just a few steps," Veeramachaneni told MIT News. Source: MIT Official Website  
Rated 4.0/5 based on 20 customer reviews
MIT’s new automated ML runs 100x faster than human Data Scientists

MIT’s new automated ML runs 100x faster than human Data Scientists

What's New

Follow Us On

Share on

other Blogs