Developers using the wildly popular npm registry to download JavaScript code may unwittingly be exposed to a range of cyber-threats because the registry fails to check the metadata of packages, it has emerged. The GitHub-owned software registry is said to be the world’s largest, relied upon by 17 million global developers.
Source: Infosecurity