CVE-2025-69263

Koi Security found that Git dependencies can circumvent npm’s –ignore-scripts protection and allow code execution. Several JavaScript package managers patched the flaws but npm closed the report and did not apply a fix