esbuild is an An extremely fast JavaScript and CSS bundler and minifier.
Affected versions of this package are vulnerable to Resources Downloaded over Insecure Protocol in the installFromNPM process. An attacker can execute arbitrary code with the privileges of the Deno process by supplying a malicious binary through control of the NPM_CONFIG_REGISTRY environment variable.