[lookdangerous]

How about instead of who owns it, ask who uses it?

[Nextgrid]

I don't think this would affect most developers? The value of NPM is a host of packages that you reference in package.json, not its web UI.

The spam on the web UI is dangerous for victims that land there via search engines, but I don't think this would affect NPM's actual users that much?

[lookdangerous]

Thanks for clarifying the situation

[madeofpalk]

I use NPM regularly and I've never been impacted by this spam.