Let me tell you about the event-stream incident. In 2018, a popular npm package with 2 million weekly downloads was handed off to a new maintainer. That new maintainer embedded a payload inside it targeting Bitcoin wallets. Nobody noticed for weeks. Not because developers were sloppy — because they trusted a package name they recognized.

The MCP ecosystem is walking into the same trap. And in some ways, it's set up to fall harder.

What is typosquatting, exactly? It's simple. Someone registers a package name that looks almost identical to a legitimate, well-known one. One character swapped. A hyphen added. A zero where an "o" should be. The goal is that you — or an automation script, or an AI assistant — install the wrong one.

In a typical npm workflow, this is already a serious risk. In the MCP ecosystem, it's worse. When you install a malicious MCP server, you're not just running some code in a build step. You're handing a live process access to your filesystem, your environment variables, your shell.…