Days since last malicious packages in NPM: 0 (evergreen) Days since last malicious packages in PyP...

gred • today at 3:29 PM • 1 reply • view on HN

Days since last malicious packages in NPM: 0 (evergreen)

Days since last malicious packages in PyPI: 30

Days since last malicious packages in Maven: 120

I'm sure this isn't 100% accurate, and there are probably better metrics (average number of malicious packages per year, average number of developers affected per year, etc) but they aren't as easy as a quick Google News search.

Replies

_pdp_ • today at 3:39 PM

Except that the JavaScript / NPM ecosystem is 6-7 times larger than Python and Java / Maven.

https://chatgpt.com/share/6a1da751-0d88-832e-ace7-572bc786e0...

Check the linked resource which has the actual data.

➕ show 1 reply

alt Hacker News

Replies