https://github.com/andyrichardson/exploiting-npm-downloads
- Host: GitHub
- URL: https://github.com/andyrichardson/exploiting-npm-downloads
- Owner: andyrichardson
- Created: 2021-02-06T12:45:02.000Z (almost 4 years ago)
- Default Branch: main
- Last Pushed: 2021-03-09T10:55:31.000Z (almost 4 years ago)
- Last Synced: 2024-12-06T21:22:50.741Z (28 days ago)
- Language: HCL
- Size: 15.6 KB
- Stars: 7
- Watchers: 4
- Forks: 1
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
---
**Disclaimer:** I've documented this to bring light to how easily exploitable download statistics are. However, I strongly advise that you don't do this as it is both dishonest and an unnecessary drain on NPM Inc's resources.
---
# About
A demonstration of how NPM _download_ and _popularity_ statistics can be easily exploited.
Check out the [blog post here](https://dev.to/andyrichardsonn/how-i-exploited-npm-downloads-and-why-you-shouldn-t-trust-them-4bme).
## Usage
To deploy to AWS
> Seriously, don't do this other than for experimentation purposes
```
cd terraform
terraform init
terraform apply
```

## The result
_Blue line was used as the target package and has 0 users_.