GitHub pulls pin on npm's auto-run scripts
Shai-Hulud worm exploited exactly this.
Better late than never, says everyone except the malware authors
Shai-Hulud worm exploited exactly this.
Better late than never, says everyone except the malware authors