Npm team warns of new ‘binary planting’ bug

Npm team warns of new ‘binary planting’ bug | ZDNet

The team behind npm, the biggest package manager for JavaScript libraries, issued a security alert yesterday, advising all users to update to the latest version (6.13.4) to prevent “binary planting” attacks. Npm (Node.js Package Manager) devs say the npm command-line interface (CLI) client is impacted by a security bug — a combination of a file traversal issue and an arbitrary file (over)write issue.