"NPM Registry Users Download 2.1B Deprecated Packages Weekly, Researchers Say"

Researchers from Aqua Security's Team Nautilus conducted a statistical analysis of the 50,000 most downloaded packages in the NPM registry and found that users download deprecated packages an estimated 2.1 billion times per week. The researchers stress that deprecated, archived, and orphaned NPM packages may contain unpatched or unreported vulnerabilities, putting projects that rely on them at risk. According to the researchers, JavaScript developers who build on open-source NPM packages may be unaware of how far their own projects depend on deprecated packages. This article continues to discuss key findings and points from the team's report "Deceptive Deprecation: The Truth About NPM Deprecated Packages."
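One practical check the summary implies is to audit a project's lockfile for deprecated dependencies rather than relying on the one-line warning npm prints at install time. The script below is an added example, not code from the article or from Aqua's report. It walks a package-lock.json (lockfileVersion 2/3 layout) and looks up each pinned version in the registry's packument, where npm records a per-version `deprecated` message. The lockfile and the registry responses are constructed inline so the example runs offline; `fetchPackument` is an assumed helper for a live run against registry.npmjs.org and is not called here.

```javascript
// Added example: report packages in a lockfile whose pinned version is deprecated.
// Data below is constructed for the example; it does not describe real packages.

// Constructed lockfile: "packages" is keyed by node_modules path, "" is the root.
const sampleLock = {
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", dependencies: { "left-lib": "^1.0.0" } },
    "node_modules/left-lib": { version: "1.2.0", dependencies: { "old-helper": "^0.9.0" } },
    "node_modules/old-helper": { version: "0.9.4" },
    "node_modules/fresh-lib": { version: "2.0.1", dev: true },
    "node_modules/private-tool": { version: "0.1.0" }, // not published to the registry
  },
};

// Constructed stand-in for registry packuments (GET https://registry.npmjs.org/<name>).
// The real packument carries a "deprecated" string on each deprecated version.
const sampleRegistry = {
  "left-lib": { versions: { "1.2.0": {} } },
  "old-helper": { versions: { "0.9.4": { deprecated: "no longer maintained, use new-helper" } } },
  "fresh-lib": { versions: { "2.0.1": {} } },
};

// Package name encoded in a lockfile key, e.g.
// "node_modules/a/node_modules/@s/b" -> "@s/b" (handles nesting and scopes).
function packageNameFromPath(lockPath) {
  const marker = "node_modules/";
  const i = lockPath.lastIndexOf(marker);
  return i === -1 ? null : lockPath.slice(i + marker.length);
}

// Walk the lockfile and return one finding per installed package that is either
// deprecated at its pinned version or cannot be resolved in the registry at all.
// getPackument(name) returns the packument object, or null/undefined if unknown.
function findDeprecated(lock, getPackument) {
  const root = lock.packages[""] || {};
  const direct = new Set([
    ...Object.keys(root.dependencies || {}),
    ...Object.keys(root.devDependencies || {}),
  ]);
  const findings = [];
  for (const [lockPath, entry] of Object.entries(lock.packages)) {
    if (lockPath === "" || entry.link) continue; // skip the root and workspace symlinks
    const name = entry.name || packageNameFromPath(lockPath);
    if (!name || !entry.version) continue;
    const base = { name, version: entry.version, path: lockPath, direct: direct.has(name), dev: !!entry.dev };
    const doc = getPackument(name);
    const meta = doc && doc.versions && doc.versions[entry.version];
    if (!meta) {
      // Unpublished, private, or unpublished-after-the-fact: worth a look either way.
      findings.push({ ...base, status: "unresolved", reason: null });
    } else if (meta.deprecated) {
      findings.push({ ...base, status: "deprecated", reason: meta.deprecated });
    }
  }
  return findings;
}

// Assumed live lookup for a real audit (Node 18+ global fetch); not used by the
// offline run below. Scoped names must keep the leading "@" and encode the slash.
async function fetchPackument(name) {
  const url = "https://registry.npmjs.org/" + encodeURIComponent(name).replace("%40", "@");
  const res = await fetch(url);
  return res.ok ? res.json() : null;
}

// Offline run over the constructed data.
function report(lock, getPackument) {
  return findDeprecated(lock, getPackument).map((f) => {
    const kind = f.direct ? "direct" : "transitive";
    const reason = f.reason ? `: ${f.reason}` : "";
    return `${f.status.toUpperCase()} ${f.name}@${f.version} (${kind}${f.dev ? ", dev" : ""})${reason}`;
  });
}

for (const line of report(sampleLock, (name) => sampleRegistry[name])) console.log(line);
```

The deprecated hit here is transitive (old-helper is pulled in by left-lib), which is the case the root package.json never shows. Note what this check cannot see: a deprecation message only exists if a maintainer ran `npm deprecate`, and archival of the upstream repository leaves no signal in the registry at all, so an empty report does not mean the dependency tree is maintained.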

SC Media reports "NPM Registry Users Download 2.1B Deprecated Packages Weekly, Researchers Say"

Submitted by grigby1