npm

npm is the largest package manager for JavaScript and Node.js, used by millions of developers worldwide. This high-severity vulnerability (CVSS 7.8) requires local access and low-level user privileges to exploit, but once compromised grants an attacker complete control over confidentiality, integrity, and availability of the affected system with no user interaction needed. Security teams should monitor for suspicious npm package installations and privilege escalation attempts, particularly in development environments where npm runs with elevated permissions.