Destructive malware available in NPM repo went unnoticed for 2 years

Payloads were set to spontaneously detonate on specific dates with no warning.