Only 9.27% of NPM package maintainers use two-factor authentication
Adam Baldwin, who leads the team responsible for securing the NPM repository, published statistics based on the results of last year:
Despite ongoing incidents involving the takeover of NPM repositories, only 9.27% of package maintainers use two-factor authentication to protect access;
When registering, 13.37% of new accounts attempted to reuse compromised passwords that appeared in known password leaks, according to the haveibeenpwned.com service;
Last year, 737 NPM tokens were revoked because they were mistakenly published in the NPM package registry or publicly accessible repositories on GitHub;
The theft of $13 million in cryptocurrency was averted thanks to the discovery of an attempt to integrate a backdoor into the Komodo Agama wallet;
The total number of security issue reports in the NPM database has reached 1285, of which 595 reports were prepared in 2019. 2.2 thousand notifications about the presence of vulnerabilities were received through [email protected];
Over the course of the year, the antispam system blocked 11526 transactions, including those related to attempts to promote advertising for torrents and films;
The abnormal-behavior analysis system generated 1.4 million reports requested via the API, covering 15.6 TB of data with behavioral analysis information.