A mess of malicious activity
https://www.bleepingcomputer.com/news/security/malicious-npm-libraries-install-ransomware-password-stealer/
Malicious NPM packages pretending to be Roblox libraries are delivering ransomware and password-stealing trojans on unsuspecting users.
The two NPM packages are named noblox.js-proxy and noblox.js-proxies, and use typo-squatting to pretend to be the legitimate Roblox API wrapper called noblox.js-proxied by changing a single letter in the library's name.