Ars Technica

NPM package with 3 million weekly downloads had a severe vulnerability

Popular NPM package “pac-resolver” has fixed a severe remote code execution (RCE) flaw. The pac-resolver package receives over 3 million weekly downloads, extending this vulnerability to Node.js ...