https://securityreport.com/grayhat-pollutes-npm-pypi-with-thousands-of-fake-supply-chain-dependencies/