Pretty scary attack actually
https://www.paloaltonetworks.com/blog/cloud-security/npm-supply-chain-attack/
Discussion
NPM
Package mostly installed from
Git hub repo , and sometimes they show you , like 4 moderate vulnerabilities until 3 severe vulnerability for example … always be cautions and careful to download . Sometimes there is so much version deprecated ⚠️