Typosquatting used to entice downloads of malicious NPM packages