When "Everything" Becomes Too Much: The npm Package Chaos of 2024 - Socket
An NPM user named PatrickJS launched a troll campaign with a package called "everything," which depends on all public npm packages.
https://socket.dev/blog/when-everything-becomes-too-much