I have never really thought about this since I use packages that I have been relying on for years and/or I do a lot of research and code review of packages that I use. But… this article in /r/javascript caught my eye: https://blog.phylum.io/the-great-npm-garbage-patch/
Something def screams high tech / low life about a bunch of spammers putting fake spammy packages on NPM just to drive up numbers.
While digital superfluousness is prob not a clear and present danger to our way of life its funny to think about how Cyberpunk this really is. Just imagine running `npm i` and then getting a bunch of messages about how you've installed 30 dependencies that contain ads or are spam.