Incident Report: npm Registry Service Degradation

Severity: Major
Category: Security
Service: npm

This summary is created by Generative AI and may differ from the actual content.

Overview

The npm registry experienced periodic service degradation from November 21 to 25 because a bot run by an npm user aggressively crawled the registry. The incident response team identified the root cause, implemented mitigations, and stabilized the registry service.

Impact

Periodic service degradation of the npm registry

Trigger

Aggressive bot queries started on November 21, 18:20 UTC

Detection

We were alerted by increasing error rates in our monitoring systems and by reports from the npm community

Resolution

Blocked the bot activity and deployed CDN updates

Root Cause

An npm user launched a bot that aggressively crawled the registry in violation of our terms of service. The bot queried a mix of existing and non-existing packages, which put undue strain on the systems used to authenticate package existence and retrieval.
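
The traffic pattern in the root cause (one client issuing many lookups, a large share of them for packages that do not exist) can be picked out of access logs with a per-client sliding window. The following is an added example, not code from npm or from the original report; the log format, client names and thresholds are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime

TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"

def build_sample_log():
    """Constructed sample log lines: timestamp, client id, HTTP status, path."""
    lines = []
    # Hypothetical "bot-1": 40 lookups in 20 s, every other one for a missing package.
    for i in range(40):
        status, name = (404, f"no-such-pkg-{i}") if i % 2 else (200, f"pkg-{i}")
        lines.append(f"2024-01-01T00:00:{i // 2:02d}Z bot-1 {status} /{name}")
    # Hypothetical "ci-7": steady install traffic with a single mistyped package name.
    for i in range(10):
        status = 404 if i == 3 else 200
        lines.append(f"2024-01-01T00:00:{i * 5:02d}Z ci-7 {status} /pkg-{i}")
    return lines

def flag_crawlers(lines, window_s=30, min_requests=20, min_404_ratio=0.3):
    """Return clients whose sliding window is both high-volume and miss-heavy.

    Thresholds are assumed values; tune them against real baseline traffic.
    Lines must be in time order per client.
    """
    windows = defaultdict(deque)  # client -> (time, status) pairs inside the window
    flagged = {}
    for line in lines:
        ts, client, status, _path = line.split(maxsplit=3)
        now = datetime.strptime(ts, TS_FORMAT)
        window = windows[client]
        window.append((now, int(status)))
        # Drop requests that have aged out of the window.
        while (now - window[0][0]).total_seconds() > window_s:
            window.popleft()
        misses = sum(1 for _, code in window if code == 404)
        ratio = misses / len(window)
        # Volume alone matches busy CI; misses alone match typos. Require both.
        if len(window) >= min_requests and ratio >= min_404_ratio:
            prev = flagged.get(client)
            if prev is None or len(window) > prev["requests"]:
                flagged[client] = {"requests": len(window),
                                   "not_found_ratio": round(ratio, 2)}
    return flagged

if __name__ == "__main__":
    for client, stats in flag_crawlers(build_sample_log()).items():
        print(client, stats)
```

Requiring both conditions keeps a client with a single mistyped package name, or a busy but well-behaved installer, out of the result.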