PyPI

• PyPI removes all traces of the malicious package.
• If a package version is deleted, it is properly marked as yanked. See the example https://pypi.org/pypi/apache-superset/json where version 2.1.1rc1 is marked as yanked.
• Discussion on an index for packages that have been entirely removed from PyPI: https://discuss.python.org/t/an-index-for-deleted-pypi-packages-versions/50515

NPM

• Npm removes all versions of a malicious package from the index and provides a placeholder package version 0.0.1-security. See the example https://registry.npmjs.org/gxm-reference-web-auth-server.
• Npm also allows unpublishing (yanking) a package version within 72 hours see https://docs.npmjs.com/unpublishing-packages-from-the-registry.

Related: aboutcode-org/vulnerablecode#1533 (comment), aboutcode-org/vulnerablecode#1533 (comment)