Cybersecurity researchers are calling attention to a large-scale spam campaign that has flooded the npm registry with thousands of fake packages since early 2024 as part of a likely financially motivated effort.
"The packages were systematically published over an extended period, flooding the npm registry with junk packages that survived in the ecosystem for almost two years," Endor Labs
