Researchers Discover Account Takeover Flaw in Popular NPM Package With Millions of Downloads
“The package can be taken over by recovering an expired domain name for one of its maintainers and resetting the password,” software supply chain security company Illustria said in a report.