In this campaign, crooks were using typosquatting (giving malware a name similar to a legitimate file that developers could download and run by mistake), and deployed multiple packages to the npm ...