Security researcher found ~0.2% of npm users re-used leaked passwords for npmblog.npmjs.org3 pointsqiqing9 years ago