npm's Security Dilemma: How Malicious Packages Exploit Openness and the Path Forward
The discovery of malicious npm packages like xlsx-to-json-lh—a six-year-old typosquatting artifact mimicking the legitimate xlsx-to-json-lc—alongside broader campaigns involving 60+ packages, underscores systemic vulnerabilities in npm's security mod...
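The xlsx-to-json-lh / xlsx-to-json-lc pair is a one-character substitution, which is exactly the pattern a lookalike check over a project's dependencies can catch before install. The following is an added example written for this page, not code from the article or from any npm tooling: it computes an edit distance (optimal string alignment, so adjacent transpositions such as "lodahs" also count as one edit) between each dependency name and a known-good list, and reports near misses. The known-good list and the `dependencies` object are constructed sample data; in practice the list would be your organisation's allowlist or the registry's most-downloaded names, and the input would be read from package.json or the lockfile.

```javascript
// Added example (not part of the original article). Flags dependency names that
// sit within a small edit distance of a known-good package name, the pattern
// behind xlsx-to-json-lh masquerading as xlsx-to-json-lc.

// Optimal string alignment distance: insertions, deletions, substitutions and
// adjacent transpositions each cost 1.
function editDistance(a, b) {
  const m = a.length;
  const n = b.length;
  const d = Array.from({ length: m + 1 }, () => new Array(n + 1).fill(0));
  for (let i = 0; i <= m; i++) d[i][0] = i;
  for (let j = 0; j <= n; j++) d[0][j] = j;
  for (let i = 1; i <= m; i++) {
    for (let j = 1; j <= n; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(
        d[i - 1][j] + 1,        // deletion
        d[i][j - 1] + 1,        // insertion
        d[i - 1][j - 1] + cost  // substitution (or match)
      );
      if (i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1]) {
        d[i][j] = Math.min(d[i][j], d[i - 2][j - 2] + 1); // transposition
      }
    }
  }
  return d[m][n];
}

// Strip an npm scope ("@org/name" -> "name") so scoped lookalikes are compared
// on the part an attacker would actually mimic.
function bareName(name) {
  return name.startsWith("@") ? name.slice(name.indexOf("/") + 1) : name;
}

// Constructed known-good list (assumption: stands in for a real allowlist).
const KNOWN_GOOD = ["xlsx-to-json-lc", "lodash", "express", "react"];

// Constructed sample of a package.json "dependencies" object. "expresss" is a
// hypothetical lookalike used only to exercise the check.
const SAMPLE_DEPENDENCIES = {
  "xlsx-to-json-lh": "^1.0.0",
  "lodash": "^4.17.21",
  "expresss": "^4.18.0",
  "left-pad": "^1.3.0",
};

// Returns [{ name, lookalikeOf, distance }] for every dependency whose name is
// close to, but not identical to, a known-good name. Short known names only
// tolerate one edit, because at distance 2 they would match far too much.
function findTyposquatCandidates(dependencies, knownGood, maxDistance = 2) {
  const known = new Set(knownGood);
  const findings = [];
  for (const name of Object.keys(dependencies)) {
    const bare = bareName(name);
    if (known.has(name) || known.has(bare)) continue; // exact match: the real package
    for (const good of knownGood) {
      const limit = good.length < 8 ? 1 : maxDistance;
      const distance = editDistance(bare, good);
      if (distance > 0 && distance <= limit) {
        findings.push({ name, lookalikeOf: good, distance });
      }
    }
  }
  return findings;
}

// Stand-alone run over the constructed sample.
for (const f of findTyposquatCandidates(SAMPLE_DEPENDENCIES, KNOWN_GOOD)) {
  console.log(`suspicious: ${f.name} looks like ${f.lookalikeOf} (distance ${f.distance})`);
}
```

Run against the constructed sample this reports xlsx-to-json-lh (one substitution from xlsx-to-json-lc) and expresss (one insertion from express), and stays quiet on lodash and left-pad. A near miss is a signal, not a verdict: a legitimate fork or a differently scoped package can also sit one edit away, so the output should feed a review step or a policy gate rather than block installs outright.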
saysomething.hashnode.dev