Flaw allowed 'an attacker to publish new versions of any npm package'
GitHub said it has fixed a longstanding issue with the NPM (Node Package Manager) JavaScript registry that would allow an attacker to update any package without proper authorisation.…
Support the originator by clicking the read the rest link below.