The core developers of the npmmirror mirror (formerly CNPM) are on the social platform express Someone used the mechanism of the npm package to move the whole set of HD pirated resources of the newly launched Qingyunian 2 to npmmirror.
Boy, this is the image station hosting open source software packages as the CDN for video distribution.
Therefore, developers reluctantly expressed that, Npmmirror is currently paused Unpkg's [Add File] service will no longer parse the new package version , but the stock will remain, so it will not affect the user's current business.
Unpkg Introduction
Unpkg is a fast, global, free public npm package CDN, It allows you to access packages on npm through URL 。 It is supported by Cloudflare and can provide fast download speed and cache service.
With unpkg, you can easily include JavaScript libraries, CSS frameworks, etc. in your web pages without downloading them to your server.
For example, if you want to use jQuery in your webpage, you can refer to it through the link provided by unpkg:
<script src=" https://unpkg.com/jquery @3.5.1/dist/jquery.min.js"></script>
This link will point to the CDN address of jQuery 3.5.1. You can replace the version number as needed.
Unpkg also supports access to package content through paths, such as:
<link href=" https://unpkg.com/bootstrap @4.5.0/dist/css/bootstrap.min.css" rel="stylesheet">
This link will point to the CSS file of Bootstrap 4.5.0.
Using unpkg can greatly simplify resource management in front-end development, because it provides a simple and fast way to introduce third-party libraries.
Taking the above "Celebrating the Second Anniversary" as an example, the usual method of the ash industry gang that collects wool is to cut the pirated video into several smaller video files (of course, they will "hide" the video files with the Sao operation, which will not be expanded here), and upload them to npm
( https://www.npmjs.com/package/lyq2/v/1.1.7-1 )And then reference them as "packages".
In addition to video files, the gang uploaded m3u8 files to unpkg( https://unpkg.com/lyq2 @1.1.7-1/playlist.m3u8 )As an index.
With "video source file" and "index", it can be played online on video websites.
M3U8 is a streaming media format gradually widely used in recent years. Its full name is UTF-8 encoded M3U file. M3U, Media Playlist is an index plain text file, which is mainly used to record the list of audio and video blocks.
When we open an M3U file, the playback software does not play the file directly, but finds the network address of the corresponding audio and video file according to the index in the file for online playback.
As the mirror station of npmjs.com, npmmirror will synchronize the full image of npm to the Chinese server (Alibaba Cloud is used), which includes the above pirated resources. With domestic servers, the speed is naturally faster
Of course, this is not the first time a pirate gang has done such a thing. Last year, foreign security research teams introduced the case of npm abuse - they found that 748 software packages hosted in npm are actually video files (outside the Wulin).
Extended Reading