The npm blog has been discontinued. Updates from the npm team are now published on the GitHub Blog and the GitHub Changelog. Early May 2nd, the npm security team received and responded to reports of a package that masqueraded as a cookie parsing library but contained a malicious backdoor. The result of the investigation concluded with three packages and three versions of a fourth package being unp