Empty NPM package '-' has over 700k downloads (bleepingcomputer.com)
The double “when” is quite funny here, given the nature of the npm problem described in the article.
Key points being either:
- published within 72 hours and without any dependents
- no dependents, < 300/week downloads, single owner
Of course even with all that said there was also precedent for having it removed if you emailed them directly and it was up to their discretion (I believe this was prior to their acquisition so not sure if that still applies).
PHP gets it right: https://packagist.org/explore/
Yeah, those who depend on the original but accidental “-” package for its functionality should suffer any consequential breakage that may have resulted from it.
*insert*fake*tear*here*
Since the content suggests it was generated by a script, there may have been an error in the input to the script or in the script itself.
The index file is:
    "use strict";
    Object.defineProperty(exports, "__esModule", { value: true });
    exports.default = null;
The readme mentions that it's a test of this: https://github.com/parzh/create-package-typescript
> Recklessly create TypeScript npm packages left and right with this single command
...then a few lines further down the article:
> An npm package called "-" has scored almost 720,000 downloads since its publication on the npm registry, since early 2020.
Kinda frustrating that the same information is being written twice imo... And then two ads in a row follow that