The npm package registry has emerged as the target of yet another highly targeted attack campaign that aims to entice developers into downloading malicious software modules.