Ars Technica

NPM package with 3 million weekly downloads had a severe vulnerability

This is a significant vulnerability, but the mechanisms required to use the exploit would indicate that a hostile intruder has already gained significant control. For example, if the intruder can ...
Ars Technica

NPM package with 3 million weekly downloads had a severe vulnerability

I have concerns about NPM too, but I think it is absurd to just sweat that when it has proven NOT to be the source of most of our security issues generally. We could 'fix' NPM or just not use it, and ...