1. Buy expired NPM maintainer email domains.2. Re-create maintainer emails3. Take over packages4. Submit legitimate security patches that include package.json version bumps to malicious dependency you pushed5. Enjoy world domination.
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.