There is a security vulnerability in npm by default that enables writing a worm that can propagate to anyone doing an npm install to a package that would contain an infected dependency (even if the dependency is deep).
Full article
Defeating The Npm Worm writings
There is a security vulnerability in npm by default that enables writing a worm that can propagate to anyone doing an npm install to a package that would contain an infected dependency (even if the dependency is deep).
Full article