RT @dystopiabreaker
since everyone is talking about log4j/supply chains
in an experiment years ago i calculated 1-bit offset utf8 strings of the top few hundred npm packages and registered packages under them
they received thousands of hits per week from machines trying to download and execute them
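
Added example, not part of the original tweet: a defender-side check that flags dependency names whose UTF-8 bytes differ by exactly one bit from a package name you expect to be using. The allowlist, the sample manifest and the function names are constructed for illustration.

```javascript
'use strict';

// Number of differing bits between two equal-length byte buffers.
function bitDistance(a, b) {
  let bits = 0;
  for (let i = 0; i < a.length; i++) {
    let x = a[i] ^ b[i];
    while (x) { bits += x & 1; x >>= 1; }
  }
  return bits;
}

// Returns the known name that `candidate` is a 1-bit neighbour of, or null.
function oneBitNeighbour(candidate, knownNames) {
  if (knownNames.includes(candidate)) return null; // exact match is expected
  const c = Buffer.from(candidate, 'utf8');
  for (const known of knownNames) {
    const k = Buffer.from(known, 'utf8');
    // A single bit flip never changes the byte length, so skip other lengths.
    if (k.length === c.length && bitDistance(c, k) === 1) return known;
  }
  return null;
}

// Scan a package.json-style dependency map and report suspicious names.
function auditDependencies(deps, knownNames) {
  const findings = [];
  for (const name of Object.keys(deps)) {
    const near = oneBitNeighbour(name, knownNames);
    if (near) findings.push({ name, resembles: near });
  }
  return findings;
}

// Constructed sample data: an allowlist of expected names and a manifest
// containing two constructed one-bit-off names plus an unrelated one.
const KNOWN = ['lodash', 'express', 'react', 'request'];
const sampleDeps = {
  lodash: '^4.17.21',
  expresr: '^4.18.0', // 's' (0x73) vs 'r' (0x72): one bit
  reast: '^18.0.0',   // 'c' (0x63) vs 's' (0x73): one bit
  leftpad: '1.0.0',
};

console.log(auditDependencies(sampleDeps, KNOWN));
```

A check like this fits in CI ahead of `npm install`, run against the names in the lockfile rather than only the top-level manifest.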