In what’s a continuing assault on the open source ecosystem,over 15,000 spam packageshave flooded the npm repository in an attempt to distribute phishing links. “The packages were created using automated processes, with project descriptions and auto-generated names that closely resembled one another,” Checkmarx researcher Yehuda Gelbsaidin a Tuesday report. “The attackers referred to retail