Npm Patches Vulnerability Allowing Access to User Files
JavaScript package manager npm last week addressed a vulnerability that could allow a publisher to access files on a user’s system.
The issue impacts versions of npm prior to 6.13.3 and versions of yarn prior to 1.21.1, and it could be exploited through a specially crafted entry in the package.json bin field. npm v6.13.4 addresses the vulnerability.