Only 9.27% of NPM package maintainers use two-factor authentication

Adam Baldwin, who leads the team responsible for securing the NPM repository, published statistics compiled from last year's results:

  • Despite ongoing incidents involving the takeover of NPM repositories, only 9.27% of package maintainers use two-factor authentication to protect their accounts;
  • At registration, 13.37% of new accounts attempted to reuse compromised passwords that appear in known password leaks, as checked against the haveibeenpwned.com service;
  • Last year, 737 NPM tokens were revoked because they had been mistakenly published in the NPM package registry or in publicly accessible repositories on GitHub;
  • The theft of $13 million in cryptocurrency was averted thanks to the discovery of an attempt to embed a backdoor in the Komodo Agama wallet;
  • The total number of security issue reports in the NPM database has reached 1285, of which 595 were filed in 2019. A further 2.2 thousand vulnerability notifications were received through [email protected];
  • Over the course of the year, the antispam system blocked 11526 transactions, including attempts to push advertising for torrents and films;
  • The anomalous-behaviour analysis system generated 1.4 million reports requested via the API, covering 15.6 TB of behavioural analysis data.

Source: opennet.ru
