in reply to Re: OT. Malicious software in PyPI
in thread OT. Malicious software in PyPI

"I have heard something similar about JavaScript two years ago."

Things like this have happened on npm a few times.

"By the way, could this happen with CPAN?"

Yes.