GitHub has disclosed two incidents in the NPM package repository infrastructure. On November 2, third-party security researchers (Kajetan Grzybowski and Maciej Piechota) reported, as part of the Bug Bounty program, a vulnerability in the NPM repository that allows publishing a new version of any package from an account that is not authorized to perform such updates. […]