Installing npm packages feels like playing russian roulette these days.
This is 100x times worse than the other attack.