
The flood of dormant packages widens the supply-chain attack surface: each one is a published name under an attacker-controlled account that can later ship malicious code to whoever installs it. The token gaming also erodes confidence in open-source incentive models and is pushing registries toward tighter oversight of what gets published.