In a recently published blog post, Darcy Clarke said the npm Public Registry has a critical flaw: it fails to compare npm package manifest data with the archive of files that data describes, a vulnerability that can be exploited to install and execute malicious files. Darcy Clarke was a staff engineering manager for the npm CLI team from July 2019 to December 2022.
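
One way to check a package for the mismatch described above, as an added example that is not code from Clarke's post or from npm: compare the manifest the registry serves with the `package.json` extracted from the package archive. The field list, function names and sample objects are assumptions constructed for illustration.

```javascript
// Added example. Fields worth comparing (an assumption, not an official list).
const CHECKED_FIELDS = ['name', 'version', 'scripts', 'bin',
  'dependencies', 'devDependencies', 'optionalDependencies', 'peerDependencies'];

// Serialize with sorted object keys so key order never causes a false mismatch.
function canonical(value) {
  if (Array.isArray(value)) return '[' + value.map(canonical).join(',') + ']';
  if (value && typeof value === 'object') {
    return '{' + Object.keys(value).sort()
      .map((k) => JSON.stringify(k) + ':' + canonical(value[k])).join(',') + '}';
  }
  return JSON.stringify(value);
}

// Treat a missing field, null and an empty object as equivalent.
function normalize(value) {
  if (value === undefined || value === null) return undefined;
  const isPlainObject = typeof value === 'object' && !Array.isArray(value);
  return isPlainObject && Object.keys(value).length === 0 ? undefined : value;
}

// Returns one finding per checked field where the two sources disagree.
function diffManifest(registryManifest, tarballPackageJson) {
  const findings = [];
  for (const field of CHECKED_FIELDS) {
    const registry = normalize(registryManifest[field]);
    const tarball = normalize(tarballPackageJson[field]);
    if (canonical(registry) !== canonical(tarball)) {
      findings.push({ field, registry, tarball });
    }
  }
  return findings;
}

// Constructed sample data: what the registry reports vs. what the archive contains.
const sampleRegistryManifest = {
  name: 'example-pkg', version: '1.0.0',
  scripts: { test: 'node test.js' }, dependencies: {},
};
const sampleTarballPackageJson = {
  name: 'example-pkg', version: '1.0.0',
  scripts: { test: 'node test.js', install: 'node setup.js' },
  dependencies: { 'hidden-dep': '^2.0.0' },
};

console.log(diffManifest(sampleRegistryManifest, sampleTarballPackageJson));
```

Any finding means the metadata shown by the registry cannot be trusted to describe what an install will actually unpack, so review tooling should read the archive's own `package.json`.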
