Novel npm Timing Attack Allows Corporate Targeting

A timing attack helps cyberattackers lob malicious code-bombs at corporate targets by cloning private package names.