Hacker News with Generative AI: NPM

Can't Install CamelCase and Decamelize (github.com/npm)
NPM is investigating: We are currently investigating reports of intermittent failures when viewing and installing packages scoped to certain keywords.
Lazarus Group deceives developers with 6 new malicious NPM packages (cyberscoop.com)
Lazarus Group has burrowed deeper into the npm registry and planted six new malicious packages designed to deceive software developers and disrupt their workflows, researchers at cybersecurity firm Socket said in a Monday blog post.
Quasar Rat Disguised as an NPM Package for Detecting Vulnerabilities in Ethereum (socket.dev)
Socket’s threat research team has discovered a malicious npm package, ethereumvulncontracthandler, which is posing as a tool for detecting vulnerabilities in Ethereum smart contracts but instead deploys Quasar RAT, a versatile remote access trojan, onto developers’ machines.
70% of new NPM packages in last 6 months were spam (phylum.io)
Unverified NPM Account Takeover Vulnerability for Sale on Dark Web Forum (socket.dev)
Show HN: Resource Index – FOSS Git Repository and NPM Package Index (hkit.cc)
NPM package is-even has over 140k weekly downloads (npmjs.com)