Baruch Sadogursky1 article

The npm Registry is vulnerable to supply chain namespace shadowing, also known as “Dependency Confusion” attacks.

Make sure you create npm scoped packages and force exclude patterns.