npm Blog Archive: Package install scripts vulnerabilityThe npm blog has been discontinued. Updates from the npm team are now published on the GitHub Blog and the GitHub Changelog. Disclaimer: we had been told this vulnerability would be disclosed on Monday, not Friday, so this post is a little rushed and may be edited later. As disclosed to us in January and formally discussed in CERT vulnerability note VU#319816, it is possible for a maliciously-writ
