NPM swats path traversal bug that lets evil packages modify, steal files. That’s bad for JavaScript crypto-wallets

Trio of vulnerabilities made registry full of uncertain code even more of a risk

On Wednesday, NPM, Inc, the California-based biz that has taken it upon itself to organize the world’s JavaScript packages into the npm registry, warned that its command line tool, the npm CLI, has a rather serious

...continue reading...

Source: Theregister.co.uk/security / Article: "NPM swats path traversal bug that lets evil packages modify, steal files. That's bad for JavaScript crypto-wallets"