A vulnerability that allowed publishing updates for any package in the NPM repository

GitHub has disclosed two incidents in its NPM package repository infrastructure. On November 2, third-party security researchers (Kajetan Grzybowski and Maciej Piechota), as part of the Bug Bounty program, reported a vulnerability in the NPM repository that allows publishing a new version of any package from your own account, even though that account is not authorized to make such updates.

The vulnerability was caused by an incorrect permission check in the code of the microservices that process requests to NPM. The authorization service checked the package permissions based on the data passed in the request, but another service, which uploads the update to the repository, decided which package to publish based on the contents of the metadata of the uploaded package. As a result, an attacker could request the publication of an update for their own package, to which they have access, while specifying in the package itself the metadata of a different package, and that other package would end up being updated.
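The mismatch described above is easiest to see in a small model. The following Python is an added illustration, not NPM's code: the two "services" are plain functions, the registry is a dict, and the account and package names ("alice", "popular-lib", and so on) are constructed sample values. The flawed pipeline authorizes one name and publishes another; the hardened pipeline refuses to publish unless the name in the uploaded metadata is the same name that was authorized.

```python
"""Model of an authorization/publish name mismatch and its fix.

Added illustration only. Nothing here is NPM's implementation; the
services are plain functions and all names and versions are constructed.
"""
import json

# Constructed sample data: which accounts may publish which packages.
PERMISSIONS = {
    "alice": {"left-pad-fork"},
    "bob": {"popular-lib"},
}


def authorize(account: str, requested_package: str) -> bool:
    """Authorization service: permission is checked for the package
    name carried in the request, not for the uploaded artifact."""
    return requested_package in PERMISSIONS.get(account, set())


def metadata_from_tarball(tarball: bytes) -> dict:
    """Publish service: the uploaded artifact carries its own metadata.
    The tarball is modelled as a JSON blob standing in for package.json."""
    meta = json.loads(tarball)
    if "name" not in meta or "version" not in meta:
        raise ValueError("package metadata must contain name and version")
    return meta


def publish_vulnerable(account: str, request: dict, registry: dict) -> str:
    """Flawed pipeline: the name that is authorized and the name that is
    published come from two different places and are never compared."""
    if not authorize(account, request["package"]):
        raise PermissionError(f"{account} may not publish {request['package']}")
    meta = metadata_from_tarball(request["tarball"])
    registry[meta["name"]] = meta["version"]  # trusts the artifact's own name
    return meta["name"]


def publish_fixed(account: str, request: dict, registry: dict) -> str:
    """Hardened pipeline: the artifact's metadata name must equal the name
    the authorization step approved, so the permission check is bound to
    the package that is actually written."""
    if not authorize(account, request["package"]):
        raise PermissionError(f"{account} may not publish {request['package']}")
    meta = metadata_from_tarball(request["tarball"])
    if meta["name"] != request["package"]:
        raise PermissionError(
            f"metadata name {meta['name']!r} does not match "
            f"authorized package {request['package']!r}"
        )
    registry[meta["name"]] = meta["version"]
    return meta["name"]


def rejects(publish, account: str, request: dict, registry: dict) -> bool:
    """True if the given pipeline refuses the request (used by the demo)."""
    try:
        publish(account, request, registry)
    except PermissionError:
        return True
    return False


def run_demo() -> dict:
    """Run the same mismatched request through both pipelines.

    Returns what each pipeline did to a constructed registry so the
    difference can be inspected (or asserted on) without printing."""
    # Constructed registry state: package name -> latest version.
    registry_vuln = {"left-pad-fork": "1.0.0", "popular-lib": "4.2.0"}
    registry_fixed = dict(registry_vuln)
    # alice is authorized for left-pad-fork only, but the uploaded
    # metadata names popular-lib.
    mismatched = {
        "package": "left-pad-fork",
        "tarball": b'{"name": "popular-lib", "version": "4.2.1"}',
    }
    # A legitimate request, where both names agree, must still succeed.
    legitimate = {
        "package": "left-pad-fork",
        "tarball": b'{"name": "left-pad-fork", "version": "1.0.1"}',
    }
    return {
        "vulnerable_wrote": publish_vulnerable("alice", mismatched, registry_vuln),
        "vulnerable_registry": registry_vuln,
        "fixed_rejected": rejects(publish_fixed, "alice", mismatched, registry_fixed),
        "fixed_legit_wrote": publish_fixed("alice", legitimate, registry_fixed),
        "fixed_registry": registry_fixed,
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The design point is that the fix is not a second permission lookup but a binding: whichever service performs the write re-derives the package name from the artifact it is about to store and compares it with the name the authorization step approved, so the two services can no longer disagree about which package is being touched.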

The problem was fixed 6 hours after the vulnerability was reported, but it had been present in NPM for longer than the telemetry logs cover. GitHub states that no traces of attacks using this vulnerability have been found since September 2020, but there is no guarantee that the problem was not exploited earlier.

The second incident occurred on October 26. During technical work on the database of the replicate.npmjs.com service, confidential data was found in a database accessible to external requests, exposing the names of internal packages mentioned in the change log. Knowledge of such names can be used to carry out dependency confusion attacks on internal projects (in February, a similar attack allowed code execution on the servers of PayPal, Microsoft, Apple, Netflix, Uber and 30 other companies).

In addition, given the growing number of cases in which the repositories of large projects are hijacked and malicious code is pushed through the compromise of developer accounts, GitHub has decided to introduce mandatory two-factor authentication. The change will take effect in the first quarter of 2022 and will apply to the maintainers and administrators of packages included in the most popular list. Modernization of the infrastructure is also reported, which will introduce monitoring and analysis of new package versions for early detection of malicious changes.

Recall that, according to a study conducted in 2020, only 9.27% of package maintainers use two-factor authentication to protect access, and in 13.37% of cases, when registering new accounts, developers tried to reuse compromised passwords that had appeared in known password leaks. During a password security audit, access was obtained to 12% of NPM accounts (13% of packages) because they used predictable and trivial passwords such as "123456". Among the affected were 4 user accounts from the Top 20 most popular packages, 13 accounts with packages downloaded more than 50 million times a month, 40 with more than 10 million downloads a month, and 282 with more than 1 million downloads a month. Taking into account the loading of modules along the dependency chain, compromise of these weakly protected accounts could affect up to 52% of all modules in NPM.

Source: opennet.ru