⚠️ Algolia search returns malicious/dangerous packages removed from npm registry search

### Describe the feature

While working on another search-related topic https://github.com/npmx-dev/npmx.dev/pull/1996 I've found that Algolia returns packages, which are basically ad for download stolen e-books. It appears that npm already marked these packages as malicious.

Example (marked as "Security holding package"):
https://npmx.dev/package/dowload_ebok_voir_grand_by_luc_poirier_bdn67
https://www.npmjs.com/package/dowload_ebok_voir_grand_by_luc_poirier_bdn67
https://registry.npmjs.org/dowload_ebok_voir_grand_by_luc_poirier_bdn67

Example similar but **NOT** marked as dangerous:
https://npmx.dev/package/dowload_ebok_bone_t01_by_jeff_smith_g9wli
https://www.npmjs.com/package/dowload_ebok_bone_t01_by_jeff_smith_g9wli
https://registry.npmjs.org/dowload_ebok_bone_t01_by_jeff_smith_g9wli

NPM also filters out packages that looks similar, but not yet marked as "security holding", but Algolia search returns it.

Algolia result for `"download_ebook"`:
https://npmx.dev/search?q=dowload_ebook

npm search result:
https://npmx.dev/search?q=download_ebook&p=npm
https://registry.npmjs.org/-/v1/search?text=download_ebook&size=10

npmjs.org:
https://www.npmjs.com/search?q=dowload_ebook

<img width="1473" height="1101" alt="Image" src="https://github.com/user-attachments/assets/66a4a18f-30f8-4e12-8e85-141520624425" />

<img width="2244" height="459" alt="Image" src="https://github.com/user-attachments/assets/95d70d1c-80bb-4cd2-bf8a-f9f7593d21a0" />

To discuss:
- add internal logic to detect malicious packages and mark in UI when entered by direct link (similar to e18e issues). Maybe shold be part of e18e
- add internal filtering of Algolia results to remove such packages

### Additional information

- [x] Would you be willing to help implement this feature?

### Final checks

- [x] Read the [contribution guide](https://github.com/npmx-dev/npmx.dev/blob/main/CONTRIBUTING.md).
- [x] Check existing [issues](https://github.com/npmx-dev/npmx.dev/issues).

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

⚠️ Algolia search returns malicious/dangerous packages removed from npm registry search #2002

Describe the feature

Additional information

Final checks

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

⚠️ Algolia search returns malicious/dangerous packages removed from npm registry search #2002

Description

Describe the feature

Additional information

Final checks

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions