←back to thread

Tell HN: Camelgate NPM Outage (Cloudflare)

119 points bavarianbob | 2 comments | 01 Apr 25 16:19 UTC | HN request time: 0.433s | source

EDIT: Back online?!

NPM discussion: https://github.com/npm/cli/issues/8203

NPM incident: https://status.npmjs.org/incidents/hdtkrsqp134s

Cloudflare messaging: https://www.cloudflarestatus.com/incidents/gshczn1wxh74

GitHub issue: https://github.com/sindresorhus/camelcase/issues/114

Anyone experiencing npm outage that's more than just the referenced camelcase package?

Show context
pvg ◴[01 Apr 25 18:59 UTC] No.43550246[source]
This is not CF WAF's first rodeo https://news.ycombinator.com/item?id=20421538

Cementing its track record as a product that mostly doesn't do anything except for occasionally break the internet here and there to keep things fun and interesting.

replies(3): >>43550290 #>>43550388 #>>43552686 #
AdamJacobMuller ◴[01 Apr 25 19:16 UTC] No.43550388[source]
I'm not sure why "WAF has false positives" makes it useless, nor would I say this is anywhere near the scale of "breaking the internet" and I'm not even fan of the concept of WAFs in general.
replies(1): >>43550539 #
1. pvg ◴[01 Apr 25 19:31 UTC] No.43550539[source]
The last one took out a lot more stuff than this one but the argument is the same - this product is a checkmark thing and when it's not fulfilling its checkmark purpose, it causes outages. Still an amusing bi-modality! I suppose it shares it with DNSSEC.
replies(1): >>43550678 #
2. misiek08 ◴[01 Apr 25 19:48 UTC] No.43550678[source]
Basically CF default WAF settings saved more small and medium companies I can even count to. I’m not CF fan, but WAFs (with rate limiting) do help. Sad that one or two incidents for that complicated and big services make people post such comments, but cmon - it doesn’t have AI in it's name so sheeps have to cry, right?