Crashing out at how poorly npm (Microsoft) is handling this security incident. Eleventy is not affected any more but *lots* of other tools in the JavaScript ecosystem are!
Hours later and the compromised package versions are still public…
Maybe don’t install anything from npm today, folks.
