
Vulnerability #319816 – npm responds - BenjaminCoe
http://blog.npmjs.org/post/141702881055/package-install-scripts-vulnerability
======
quicklyfrozen
Isn't the point of the report more that npm publish will work using save
credentials rather then that arbitrary scripts can be run?

