Flaw allowed ‘an attacker to publish new versions of any npm package’
GitHub said it has fixed a longstanding issue with the NPM (Node Package Manager) JavaScript registry that would allow an attacker to update any package without proper authorisation.…
Source:: Register