Gathering weak npm credentials

less than 1 minute read

We all know the importance of strong passwords, don’t we?

In case you don’t, here’s a great example of how a security researcher was able to obtain direct publish access to 14% of npm packages through some fairly basic techniques that take advantage of poor password practices.