GitHub Confirms Another Major NPM Security Defect
Microsoft-owned GitHub is again flagging major security problems in the npm registry, warning that a pair of newly discovered vulnerabilities continue to expose the soft underbelly of the open-source software supply chain.
Read more: GitHub Confirms Another Major NPM Security Defect
Story added 16. November 2021, content source with full text you can find at link above.