NPM package with 3 million weekly downloads had a severe vulnerability Untrusted JavaScript config file can execute arbitrary code.

Most JavaScript developers are familiar with the npm package manager, which was originally developed by Isaac Schlueter. What many probably don't know is ...