Hackers spammed the npm repository with more than 15,000 packages in the hope of distributing phishing links. Hackers created these packages using automated processes, through auto-generated names and project descriptions that closely resembled one another. The bogus modules had names like “free-tiktok-followers,” “free-xbox-codes,” and “instagram-followers-free.”