NPM fixes private package names leak, serious authorization bug
The largest software registry of Node.js packages, npm, has disclosed fixing multiple security flaws. The first flaw concerns leak of names of private npm packages on the npmjs.com's "replica" server. Whereas, the second flaw allows attackers to publish new versions of any existing npm package that they do not own or have rights to. [...]