New Timing Attack Against NPM Registry API Could Expose Private Packages
A novel timing attack discovered against the npm's registry API can be exploited to potentially disclose private packages used by organizations, putting developers at risk of supply chain threats