There was a security vulnerability where a malicious file could execute code when browserified. Make sure your installation of browserify is using firstname.lastname@example.org or later.
Source: Node Security Project
The vulnerability involves breaking out of Function(), which was used to check syntax for more informative errors. In node 0.10, Function() seems to be implemented in terms of eval(), so malicious code can execute even if the function returned by Function() was never called. node 0.11 does not appear to be vulnerable.
Thanks to [Cal Leeming] (email@example.com) for discovering and disclosing this bug!
Update to version 1.1.1 or greater. If this is being used in conjunction with browserify, update browserify to 4.2.1 or greater.