Spam packages in npm: what are they and why are they dangerous?
In November 2025, the npm ecosystem was hit by a flood of junk packages that were part of the IndonesianFoods malicious campaign. We’re breaking down the lessons learned from this incident.