Millions of developers could be open to attack after critical flaw exploited - here's what we know

A widely popular npm package carried a critical severity vulnerability that allowed threat actors to, in certain scenarios, run malicious commands, experts have warned.
InfoWorld

RCE in React Native CLI opens Dev Servers to attacks

The bug exposes the Metro development server to remote attacks, allowing arbitrary OS command execution on developer systems ...