In a surprising move, an npm user named PatrickJS, also known as gdi2290, started the year with a troll campaign by releasing an npm package called “everything.” This package, which has over 3,000 sub-packages, causes a Denial of Service (DOS) for those who install it, leading to storage space depletion and system resource exhaustion. To take the prank further, PatrickJS set up a website showcasing the chaos caused by the package. This isn’t the first time such a stunt has occurred, with similar incidents happening in the past. The “everything” package has also inadvertently caused issues with the ability to unpublish other packages due to npm’s policy on unpublishing.
https://socket.dev/blog/when-everything-becomes-too-much