You don't need a significant portion to spoof for the metric to be useless.
Let's say you need a package, you go look at exxpress. It has 30M downloads, therefore it's probably the popular package you wanted. So you're good to go with npm install exxpress right?
For further actions, you may consider blocking this person and/or reporting abuse
We're a blogging-forward open source social network where we learn from one another
You don't need a significant portion to spoof for the metric to be useless.
Let's say you need a package, you go look at exxpress. It has 30M downloads, therefore it's probably the popular package you wanted. So you're good to go with
npm install exxpressright?