Is There a Malware Compromise on NPM?

NPM is the most widespread and largest repository by far. This type of thing happens in all of the other package managers and registries to. It could have been somebody, there's a bunch of different patterns we see. We even see people compromise their own packages over time. These kind of get called ransomware over the last couple of years. Depending on how widely used these packages are, the impact varies a lot.