
The Great Suspender developer account hacked, extension pulled from Chrome Store - ikeboy
https://www.reddit.com/r/chrome/comments/6fotke/the_great_suspender_extension_gone/
======
benologist
I'm waiting for this to start happening to NPM modules. What a great way to
quietly monitor and leverage nodejs websites.

~~~
tyingq
That seems likely. You can even go under the radar a bit. Pick a popular
module that is commonly misspelled by end users. Clone it, rename it, and
wait.

~~~
micaksica
There was a thesis on this a year ago:

[http://incolumitas.com/2016/06/08/typosquatting-package-managers/](http://incolumitas.com/2016/06/08/typosquatting-package-managers/)

After the "left pad" debacle, npm provided protection from typosquatting a
deleted module:

[http://blog.npmjs.org/post/141577284765/kik-left-pad-and-npm](http://blog.npmjs.org/post/141577284765/kik-left-pad-and-npm)

~~~
tyingq
Don't know that this npm module has bad intentions, but I'll bet some of the
downloads were unintentional.
[https://www.npmjs.com/package/loadash](https://www.npmjs.com/package/loadash)

245 downloads in the last day.

~~~
micaksica
I pulled down this package. It is just a package.json file.

~~~
tyingq
Sure, but the number of downloads/day shows the potential of squatting on a
typo.

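The squatting pattern the thread describes (publish under a name one fat-finger away from a popular module and wait for mistyped installs, as "loadash" illustrates) is also the basis of the cheapest detection: compare each name in a dependency list against a list of popular package names using an edit distance that counts adjacent transpositions. The script below is an added example, not code from the thread or from npm; the popular-package list and the candidate names are constructed sample input, and the distance thresholds are an assumption of this example rather than anything npm itself applies.

```javascript
// Added example: flag package names that sit one or two edits away from a
// popular package. POPULAR and CANDIDATES are constructed sample input.

// Optimal string alignment distance: insertion, deletion, substitution and
// adjacent transposition each cost 1. Transpositions matter because a swap
// like "lodahs" for "lodash" is a typical typing error.
function osaDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, () => new Array(b.length + 1).fill(0));
  for (let i = 0; i <= a.length; i++) d[i][0] = i;
  for (let j = 0; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
      if (i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1]) {
        d[i][j] = Math.min(d[i][j], d[i - 2][j - 2] + 1);
      }
    }
  }
  return d[a.length][b.length];
}

// Lower-case and drop separators so "under_score" or "lo-dash" compare at
// distance 0 to the real name: separator variants are a squat of their own.
function normalize(name) {
  return name.toLowerCase().replace(/[-_.]/g, '');
}

// Return the closest popular package within the threshold, or null when the
// candidate is the genuine popular name or is not near any of them.
// Threshold (an assumption of this example): short names get one edit, since
// two edits on a four-letter name would match almost anything.
function classify(candidate, popular) {
  if (popular.includes(candidate)) return null; // the real thing, not a squat
  const cand = normalize(candidate);
  let best = null;
  for (const p of popular) {
    const pop = normalize(p);
    const limit = pop.length <= 4 ? 1 : 2;
    const dist = osaDistance(cand, pop);
    if (dist <= limit && (best === null || dist < best.distance)) {
      best = { candidate, target: p, distance: dist };
    }
  }
  return best;
}

function findSuspects(candidates, popular) {
  return candidates.map((c) => classify(c, popular)).filter(Boolean);
}

// Constructed sample input, not registry data. "loadash" is the name from
// the thread; "left-pad" and "react" are included as names that must NOT fire.
const POPULAR = ['lodash', 'express', 'react', 'request', 'underscore', 'moment', 'async', 'chalk'];
const CANDIDATES = ['loadash', 'lodahs', 'expres', 'react', 'jquery-ui', 'under_score', 'asinc', 'momnet', 'left-pad'];

const SUSPECTS = findSuspects(CANDIDATES, POPULAR);
for (const s of SUSPECTS) {
  console.log(`${s.candidate} -> looks like ${s.target} (distance ${s.distance})`);
}
```

Run it with `node` and it reports loadash, lodahs, expres, under_score, asinc and momnet, while react (the genuine name) and left-pad (a distinct package) pass. On a real lockfile the popular list would be the top few thousand registry names, and a hit is a prompt to look at the package, not proof of malice: the thread's own example turned out to be an empty package.json, and legitimate forks do sit one edit away from their upstream.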
