Attackers are mimicking the names of existing packages on public registries in hopes that users or developers will accidentally download these malicious packages instead of legitimate ones.

from Dark Reading: https://ift.tt/3vCHpOw
via IFTTT