First, a Swedish user informed npm via Twitter that a package with a name very similar to the cross-env package was engaged in suspicious activity. "If you downloaded and installed any of these packages, you should immediately revoke and replace any credentials you might have had in your shell environment," npm advised.
Finally, npm banned the user Hack Task and reported that its developers are analyzing different approaches to prevent future occurrences of malicious typosquatting. "There are programmatic ways to detect this, and we might use them to block publication," npm explained in a blog post. "We're using the Smyte service [a trust and safety SaaS offering] to detect spam as it is published to the registry, and will be experimenting with using it to detect other kinds of violations of our terms of service."
Source: NPM Official Blog
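
The article mentions programmatic ways to detect look-alike package names before publication. The following is an added example of one such check, not npm's code and not part of the original article; the protected-name list, the function names and the one-edit threshold are assumptions chosen for illustration.

```javascript
// Added example: flag a candidate package name that is confusably close to a
// protected (popular) name. PROTECTED and the thresholds are assumptions.
const PROTECTED = ["cross-env", "lodash", "express", "mongoose"]; // constructed sample list

// Collapse case and separators so "cross-env", "cross_env" and "crossenv" compare equal.
function normalize(name) {
  return name.toLowerCase().replace(/[-_.]/g, "");
}

// Optimal string alignment distance: insert, delete, substitute, adjacent transposition.
function editDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, (_, i) => {
    const row = new Array(b.length + 1).fill(0);
    row[0] = i;
    return row;
  });
  for (let j = 0; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
      if (i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1]) {
        d[i][j] = Math.min(d[i][j], d[i - 2][j - 2] + 1);
      }
    }
  }
  return d[a.length][b.length];
}

// Returns { target, reason } when the candidate looks like a squat, otherwise null.
function checkTyposquat(candidate, protectedNames = PROTECTED) {
  if (protectedNames.includes(candidate)) return null; // the genuine package itself
  const c = normalize(candidate);
  for (const target of protectedNames) {
    const t = normalize(target);
    if (c === t) return { target, reason: "separator-variant" };
    // Apply the one-edit rule only to names long enough that one edit is not noise.
    if (t.length >= 5 && editDistance(c, t) === 1) return { target, reason: "one-edit" };
  }
  return null;
}
```

A registry or an internal proxy could run a check like this at publish or install time and hold flagged names for manual review.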