Affected versions of this package are vulnerable to Arbitrary File Overwrite.
It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a
serve binary, any subsequent installs of packages that also create a
serve binary would overwrite the first binary. This only affects files in
npm, this behaviour is still allowed in local installations and also through install scripts. This vulnerability bypasses a user using the
--ignore-scripts install option.
npm to version 6.13.4 or higher.