A “logical flaw” has been disclosed in NPM, the default package manager for the Node.js JavaScript runtime environment, that enables malicious actors to pass off rogue libraries as legitimate, writes Ravie Lakshmanan.
Here is the link: https://thehackernews.com/2022/04/npm-bug-allowed-attackers-to-distribute.html