The pkgx.dev thing was doing the rounds yesterday and today, and it turns out that it's related to something else I've seen this week, which is tea.xyz, which tries to incentivise FOSS contributions with magic beans cryptocurrency.
Anyway, it turns out that if you make that incentive, you also make an incentive for spammy PRs and hamfisted attempts to fork and typosquat known packages to get some of those magic beans based on hopefully tricking people into installing your fork rather than the upstream.
At least the crates.io typosquatting detection seems to be doing its job. 😬
(hat tips to @web3isgreat and @molly0xfff)