Yes 60m downloads is a lot of downloads. But it’s not 60m developers manually clicking the download link every week. Not is it 60m times that “npm install rimraf” has been called. What is happening is that many projects, some big some just hello world tutorials, have listed rimraf in the package.json file for that project. Then when “npm install” is run, all the packages get downloaded. And what is more, many people build their software in CI builds, like travisci, circleci, or GitHub actions. The build scripts will also then downloaded everything listed in package.json. And if you do multiple builds a day, then that’s multiple downloads each day.

Is it very inefficient? Yes it is. And npmjs.com will block your IP if you do too many downloads in on day.

Actually is says 86m a week here: https://www.npmjs.com/package/rimraf