These packages imitated legitimate modules, such as jquery, which has millions of weekly downloads. Although the malicious packages were downloaded roughly 1000 times, they were swiftly removed from npm after detection.