Hacker News

ffemac, today at 8:04 AM (1 reply)

> malicious-NPM-package-of-the-week

This is going to get worse and worse. I recently noticed AI harnesses (e.g. OpenCode) downloading random npm packages in the background and littering them everywhere, in a few places in ~ and in your project dir, all without telling/asking you.

What's worse is that people don't seem to care, even the devs.


Replies

himata4113, today at 12:45 PM

You typically don't want to run opencode outside a sandbox anyway.
