campaigns
A campaign is one publisher account doing either of two coordinated patterns within a 30-day window: two or more distinct package names (multi-name impersonation), or three or more catches on a single name (single-name version pump — e.g. a fake "product" hammered with rapid versions). Sorted by combined weekly downloads (blast radius), not recency: the campaigns that actually hit downstream users surface first.
Other axes the campaign-detector paged Slack on in the last 7 days — shared exfil destinations, identical payload hashes, typosquat target bursts, and coordinated maintainer-takeover waves. These shapes don't have their own dashboard query, so they only show up here.
