Crashing out at how poorly npm (Microsoft) is handling this security incident. Eleventy is not affected any more but *lots* of other tools in the JavaScript ecosystem are! Hours later and the compromised package versions are still public… Maybe don’t install anything from npm today, folks.