“The mysterious supply chain concern of string-width-cjs npm package | Snyk”

https://snyk.io/blog/supply-chain-string-width-cjs-npm/

> It is my assumption that all of these dependent packages and download boosts are leading to the sole purpose of creating false legitimacy for the 3 *-cjs package

Fun fun fun.

The mysterious supply chain concern of string-width-cjs npm package

Npm package aliasing can be a security threat. Learn about how malicious actors can exploit this feature to introduce fake packages into your projects. Protect your projects with best practices and stay vigilant against supply chain attacks.

^{Liran Tal (Snyk)}