Millions of developers could be open to attack after critical flaw exploited - here's what we know

A widely popular npm package carried a critical severity vulnerability that allowed threat actors to, in certain scenarios, run malicious commands, experts have warned.