The incident raises questions about the modern web ecosystem & development practices, the economics of open-source maintenance and whether or not you truly "own" the code you store on any of these platforms.
After I read about it I wasted a little time looking up random NPM package names to see if they'd been claimed. Sometimes I peruse possibly names for future project. Other times I just look up funny words or ideas to see if they exist.
If you're not familiar, a turboencabulator is probably the longest-running jokes in modern engineering. It's description, from 1944, is inscrutable, jargon-laden nonsense for an impossible, non-existing machine. In other words: the perfect kind of thing to publish as an NPM package.
The thought of someone installing a turboencabulator as a dependency made me laugh, and seemed too perfect. I assumed someone out there must've had the same idea and done it years ago.
A strange turn: Within couple days, when all that existed in the project was a README file, I noticed the package had already been downloaded from NPM over 30 times (?!?)