GitHub saved plaintext passwords of npm users in log files, post mortem reveals