NPM fixes private package names leak, serious authorization bug
Of the two disclosed flaws, the first concerns a leak of the names of private npm packages on npmjs.com’s ‘replica’ server, whose feeds are consumed by third-party services.