Thousands of fake packages flood npm registry in major attack - here's what we know

Over 43,000 dormant spam packages flooded npm in a coordinated two-year campaign Some packages contained worm-like scripts ...
SecurityWeek

Amazon Detects 150,000 NPM Packages in Worm-Powered Campaign

More than 150,000 malicious packages were published in the NPM registry as part of a recently uncovered spam campaign, Amazon ...