The fsevents npm package previously pulled certain remote binaries from a public S3 bucket (fsevents-binaries.s3-us-west-2.amazonaws.com). At some point the bucket expired and the domain became dangling, and in April 2023 it was hijacked by an unknown actor (reportedly a secur...