Recently, at RubyGems.org, we’ve encountered an unusual surge of empty packages, triggering an investigation by our team. This influx of pointless gems, referencing one of the reasonably popular packages, hinted at an attempt to manipulate the tea.xyz protocol. As with any potentially risky incident, we delved deeper into the motives and mechanics behind these submissions. This short article contains our investigation, the conclusions we’ve reached, and how, theoretically, individuals loo...
