Threat actors flooded the npm open source package repository for Node.js with bogus packages that briefly even resulted in a denial-of-service (DoS) attack. "The threat actors create malicious websites and publish empty packages with links to those malicious websites, taking advantage of open-source ecosystems' good reputation on search engines," Checkmarx's Jossef Harush Kadouri said in a report
![Hackers Flood NPM with Bogus Packages Causing a DoS Attack](https://cdn-ak-scissors.b.st-hatena.com/image/square/dddca55e8cdb943b14d27fa3bf514493a93db145/height=288;version=1;width=512/https%3A%2F%2Fthehackernews.com%2Fnew-images%2Fimg%2Fb%2FR29vZ2xl%2FAVvXsEhyxVlTF3iie_27KaDW2GSQvYMJZn4RUc-Zwq4njFp_ziwJLWoGgx5ENTPIrxubzc8wp5lH3npXOnAb-oM-fScIOfL14pQ3QuSRrVpRBshHMUXgKp8MNdkbcCdzztYQXxWuxSkVhFYTfpM2hTN4ULY2E-vKQIStSSdCBZ_84NfDH3ZMENbk7HCxdjYJ%2Fs728-e3650%2Fnpm.png)