Require packages to be downloaded >= 100x/day

This should make it more difficult for people who are publishing
malicious packages to npm to get them on the CDN.
MICHAEL JACKSON
2017-08-16 22:47:24 -07:00
parent 666d8afc95
commit 1173f91091
9 changed files with 148 additions and 37 deletions

@ -43,7 +43,11 @@ unpkg is not affiliated with or supported by npm, Inc. in any way. Please do not
### Abuse
unpkg blacklists some packages to prevent abuse. If you find a malicious package on npm, please take a moment to add it to [our blacklist](https://github.com/unpkg/unpkg.com/blob/master/server/PackageBlacklist.json).
Currently, unpkg tries to prevent people from abusing the CDN in a few different ways.
First, in order to be available on unpkg a package must have been downloaded from the npm registry an average of 100 times per day over the past week.
Secondly, unpkg maintains a blacklist of packages that are known to be malicious. If you find such a package on npm, please take a moment to submit a PR that adds it to [our blacklist](https://github.com/unpkg/unpkg.com/blob/master/server/PackageBlacklist.json).
### Feedback
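Review bot: The new sentence under "### Abuse" beginning "First, in order to be available on unpkg" states the threshold but not what a request for a package below it gets back. A user whose own package fails to load has nothing in this text to tell a threshold rejection apart from a blacklist hit or a missing package. Suggest adding one sentence that describes the response for below-threshold packages and notes that a newly published package stays unavailable until its weekly average reaches 100 downloads per day. Two smaller points: the commit subject says ">= 100x/day" while the README says "an average of 100 times per day", so it is worth wording the README as "at least 100" to make clear whether exactly 100 qualifies. Also, "First" is paired with "Secondly"; use "Second" for consistency, and add a comma after "available on unpkg".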