I think they're counting every dependency. For example, they mention a backdoored log4j version: but every project pulling that one log4j version is counted as "malicious".
Still, 500K out of 7M that'd be using a malicious package would be staggeringly high.