An experiment in creating an NPM package that depends on every package in the repository

A developer of JavaScript packages ran an experiment: creating and publishing to the NPM repository a package named "everything" that covers every package available in the repository through dependencies. To achieve this, the "everything" package has direct dependencies on five "@everything-registry/chunk-N" packages, which in turn depend on more than 3000 "sub-chunk-N" packages, each of which is bound to 800 packages available in the repository.

Publishing "everything" to NPM had two interesting effects. First, the "everything" package became a kind of tool for carrying out DoS attacks, since an attempt to install it leads to downloading the millions of packages hosted on NPM and to exhausting disk space or stalling build processes. According to NPM statistics, the package was downloaded about 250 times, but nothing prevents someone from adding it as a dependency of another package after compromising a developer's account, in order to commit sabotage. In addition, some services and tools that monitor and check new packages hosted on NPM were unintentionally hit.

Second, publishing the "everything" package blocked the ability to remove any package on NPM that ended up in its dependency list. An author can remove a package from NPM only if it is not already used in the dependencies of other packages, but after "everything" was published, its dependencies turned out to cover all packages in the repository. It is worth noting that removing the "everything" package itself was also blocked, because 9 years ago a test package, "everything-else", was published in the repository, and it included the string "everything" in its dependency list. So, once published, the "everything" package ended up as a dependency of another package.
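
The install-time fan-out described above can be caught before anything is downloaded by walking dependency metadata with a hard budget. The following JavaScript is an added example, not code from the article or from npm; the `lookup` resolver, the budget of 100 and the scaled-down sample registry (5 chunks × 4 sub-chunks × 8 packages, with invented `pkg-N` leaf names) are assumptions constructed for illustration.

```javascript
// Added example: bound a package's transitive dependency count before install.
// The registry below is constructed sample data, a scaled-down copy of the
// layout described above (root -> chunk-N -> sub-chunk-N -> leaf packages).
function buildFanOutRegistry(chunks, subsPerChunk, leavesPerSub) {
  const registry = new Map();
  const chunkNames = [];
  let sub = 0, leaf = 0;
  for (let c = 0; c < chunks; c++) {
    const subNames = [];
    for (let s = 0; s < subsPerChunk; s++) {
      const leaves = [];
      for (let l = 0; l < leavesPerSub; l++) leaves.push(`pkg-${leaf++}`);
      const subName = `sub-chunk-${sub++}`;
      registry.set(subName, leaves);
      subNames.push(subName);
    }
    const chunkName = `@everything-registry/chunk-${c}`;
    registry.set(chunkName, subNames);
    chunkNames.push(chunkName);
  }
  registry.set("everything", chunkNames);
  // An ordinary small project with a shared dependency and a cycle.
  registry.set("app", ["left", "right"]);
  registry.set("left", ["shared"]);
  registry.set("right", ["shared", "left"]);
  registry.set("shared", ["app"]);
  return registry;
}

// Breadth-first walk that stops as soon as the budget is exceeded, so the
// guard never has to resolve (or download) the rest of an oversized tree.
function countTransitiveDeps(root, lookup, budget) {
  const seen = new Set([root]);
  const queue = [root];
  for (let i = 0; i < queue.length; i++) {
    for (const dep of lookup(queue[i])) {
      if (seen.has(dep)) continue; // shared deps and cycles count once
      seen.add(dep);
      if (seen.size - 1 > budget) {
        return { ok: false, counted: seen.size - 1, offender: queue[i] };
      }
      queue.push(dep);
    }
  }
  return { ok: true, counted: seen.size - 1, offender: null };
}

const registry = buildFanOutRegistry(5, 4, 8);
const lookup = (name) => registry.get(name) || [];
console.log(countTransitiveDeps("everything", lookup, 100));
console.log(countTransitiveDeps("app", lookup, 100));
```

The `offender` field names the package whose dependency list pushed the count over the budget, which is the node to inspect when a build pipeline rejects a manifest.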

source: opennet.ru