Half of all JavaScript npm packages could have been hacked via weak credentialsbleepingcomputer.com128 pointswhitewalls9 years ago