Spam-tastic! npm Registry Swamped by Bizarre John Wick Frenzy

The npm public registry is drowning in a tsunami of spam and phishing, and it's all thanks to everyone's favorite gun-toting antihero, John Wick.

Bradley Meck Farias

March 30, 2023


Step aside, Kardashians – there's a new media obsession in town, and his name is John Wick! The npm public registry is drowning in a tsunami of spam and phishing, and it's all thanks to everyone's favorite gun-toting antihero.

Here at Socket, we've been keeping a close eye on the registry, and boy, have we got some juicy tidbits for you. Just yesterday, there were a whopping 4,600 npm packages all about John Wick. But that was just the beginning! By the end of our demos, the number had shot up to 4,750, and this morning, we counted almost 5,600! That's right, folks – a mind-blowing 0.02% of npm is now dedicated to Mr. Wick.

We've already spilled the beans on uploading media to npm, but this John Wick extravaganza is taking things to a whole new level. Lucky for you, we've been cooking up some fresh new ways to handle these pesky packages, and we've uncovered some real eyebrow-raisers along the way:

1. Crafty URL shorteners are the go-to disguise for these sneaky links. Some even require a little JavaScript magic to reveal their true nature.

2. Hold the phone – most of these URLs are actually labeled as "benign" by reputation databases! Short-lived domains and hand-curated databases are the culprits behind this shocking oversight.

3. Non-English speakers, rejoice! A large chunk of these slippery packages are in languages other than English. It's time to rethink our approach to the registry and embrace the global nature of open-source software.

4. The cherry on top? This whole hullabaloo is a brazen attempt at search engine optimization (SEO) grabbing! Even though real users aren't downloading these packages (download counts suggest only bots are doing the dirty work), they're plastered all over npm's homepage. Talk about a sneaky SEO boost!
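As an added example (not Socket's tooling), here is a small triage heuristic over npm package metadata that encodes the indicators above: links routed through URL shorteners, and download counts that look like registry crawlers rather than users. The shortener list, the thresholds, the "readme-only" heuristic and the sample package records are all constructed assumptions.

```javascript
// Added example: heuristic triage of npm package metadata for the spam
// indicators discussed above. Not Socket's code; the shortener list,
// thresholds and sample records are constructed for illustration.
const SHORTENER_HOSTS = new Set(["bit.ly", "t.co", "tinyurl.com", "cutt.ly", "rb.gy"]);
const URL_RE = /https?:\/\/[^\s)"'<>]+/g;

// Extract the hostnames of every link found in free text (description / README).
function extractHosts(text) {
  const hosts = [];
  for (const m of text.matchAll(URL_RE)) {
    try { hosts.push(new URL(m[0]).hostname.toLowerCase()); } catch { /* skip malformed */ }
  }
  return hosts;
}

// Return the list of indicators triggered by one package record.
function spamIndicators(pkg) {
  const reasons = [];
  const hosts = extractHosts(`${pkg.description ?? ""}\n${pkg.readme ?? ""}`);
  // Finding 1: outbound links hidden behind URL shorteners.
  if (hosts.some(h => SHORTENER_HOSTS.has(h))) reasons.push("shortened-link");
  // Assumed heuristic: a package with at most one file ships no code, only a README.
  if ((pkg.fileCount ?? 0) <= 1) reasons.push("no-code");
  // Finding 4: flat, tiny daily download counts look like bots, not real users.
  const d = pkg.dailyDownloads ?? [];
  if (d.length >= 3 && d.every(n => n === d[0]) && d[0] <= 5) reasons.push("bot-like-downloads");
  return reasons;
}

// Flag a package as suspicious when at least two indicators fire.
function triage(pkgs) {
  return pkgs.map(p => {
    const indicators = spamIndicators(p);
    return { name: p.name, indicators, suspicious: indicators.length >= 2 };
  });
}

// Constructed sample records, not real packages.
const SAMPLES = [
  { name: "example-legit-lib", description: "Tiny utility",
    readme: "Docs: https://github.com/example/lib", fileCount: 12, dailyDownloads: [120, 98, 143, 110] },
  { name: "watch-film-free-hd-xyz", description: "watch now https://bit.ly/abc123",
    readme: "", fileCount: 1, dailyDownloads: [2, 2, 2, 2] },
];
```

Running `triage(SAMPLES)` flags only the second record; in practice the README text would be pulled from the registry's package document rather than embedded.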

Stay tuned, dear readers, because we've got some thrilling news coming your way soon about this utterly bizarre turn of events. In the meantime, feast your eyes on this John Wick-filled npm landscape, because it's reaching a fever pitch!
