Two popular open-source packages were recently sabotaged with mischievous commits, creating confusion among those using the software and exacerbating concerns about the fragility of the open-source software supply chain.

Source: LXer – JavaScript dev deliberately screws up own popular npm packages to make a point of some sort