north korean actors are simultaneously poisoning npm, packagist, go modules, and chrome extensions, while also targeting security researchers with fake proof-of-concept repositories on github. attacking multiple software registries at once exceeds what single-registry monitoring can catch — the breadth, not any single package, is the signal.