Open source repositories like npm are under attack by threat actors who are using them to create malicious websites. These websites are then ranked higher on search engine results because of the good reputation of the open source repositories. This makes them more visible to unsuspecting users. The attack technique was first observed in phishing campaigns but has now escalated to include empty npm modules with links to the malicious websites in the README.md files. The load created by publishing numerous packages led to NPM intermittently experiencing stability issues towards the end of March 2023.