ringrtc's namespace on npm has been reserved to execute what looks like an innocuous dependency confusion attack

Open microsoftly opened this issue 3 years ago • 0 comments

Repo is https://github.com/chevonmdphillip/ringrtc

It looks like they're just trying to determine when a download happens. I'm just sending this your way to notify you that someone is squatting on that namespace.

I would recommend changing the package.json name to be namespaced to an organization that you own on NPM.

microsoftly, Dec 02 '21 04:12
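
The check behind the recommendation above, as an added example that is not part of the original issue or the project's own code: it flags a package.json whose own name, or whose internal dependencies, are resolved by a bare name that anyone could register on the public registry. The `example-org` scope, the `acme-*` names, the `internalNames` list and the sample manifest are all constructed assumptions.

```javascript
// Split "@scope/name"; an unscoped name has scope === null.
function parseName(name) {
  const m = /^@([^/]+)\/(.+)$/.exec(name);
  return m ? { scope: m[1], bare: m[2] } : { scope: null, bare: name };
}

// True when npm resolves the specifier by name from a registry (semver
// range or dist-tag) rather than from git, a URL or a local path.
function resolvedByRegistryName(spec) {
  if (/^(git\+|git:|https?:|file:|link:|workspace:|github:)/i.test(spec)) return false;
  return !spec.includes('/'); // "user/repo" shorthand and relative paths
}

// ownedScopes: npm scopes the team controls. internalNames: bare names the
// team treats as its own. Both are inputs the caller supplies (assumptions).
function auditManifest(manifest, ownedScopes, internalNames) {
  const findings = [];
  const owned = (name) => ownedScopes.includes(parseName(name).scope);
  if (manifest.name && !owned(manifest.name)) {
    findings.push({ check: 'package-name', name: manifest.name });
  }
  for (const field of ['dependencies', 'devDependencies', 'optionalDependencies']) {
    for (const [key, spec] of Object.entries(manifest[field] || {})) {
      // "alias": "npm:real-name@range" installs real-name from the registry.
      const alias = /^npm:((?:@[^/]+\/)?[^@]+)/.exec(spec);
      const target = alias ? alias[1] : key;
      if (!alias && !resolvedByRegistryName(spec)) continue;
      if (internalNames.includes(parseName(target).bare) && !owned(target)) {
        findings.push({ check: 'internal-dependency', field, name: target, spec });
      }
    }
  }
  return findings;
}

// Constructed sample manifest, not the project's real package.json.
const SAMPLE = {
  name: 'ringrtc',
  dependencies: {
    'acme-media': '^1.0.0',                                           // flagged
    'acme-proto': 'git+https://git.example.invalid/proto.git#v1.0.0', // pinned to git
    '@example-org/acme-utils': '^2.0.0',                              // owned scope
    'left-pad': '1.3.0',                                              // not internal
  },
  devDependencies: { 'media-alias': 'npm:acme-media@^1.0.0' },        // flagged via alias
};

console.log(auditManifest(SAMPLE, ['example-org'], ['acme-media', 'acme-proto', 'acme-utils']));
```

Run against a real manifest in CI, a non-empty result means a name is still open to being claimed by someone else; renaming to a scope tied to an npm organization you control clears the finding.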