Read the original article: Beware the Package Typosquatting Supply Chain Attack
Attackers are mimicking the names of existing packages on public registries in hopes that users or developers will accidentally download these malicious packages instead of legitimate ones.
Read the original article: Beware the Package Typosquatting Supply Chain Attack