Not the first time that an integral node repo was hijacked for malicious purposes.
The node community moves quickly when things like this happen to replace the bad repo. The repo commit will likely get banned from npm. You can still rollback to an older version.
The person who submitted and approved the commit could also be financially liable for any damage that is caused. Huge possibility that they will personally be sued, maybe even charged criminally for illegally tampering with a secured computer system.
Not the first time that an integral node repo was hijacked for malicious purposes.
The node community moves quickly when things like this happen to replace the bad repo. The repo commit will likely get banned from npm. You can still rollback to an older version.
The person who submitted and approved the commit could also be financially liable for any inadvertant damage that is caused. Huge possibility that they will personally be sued, maybe even charged criminally.