Crashing out at how poorly npm (Microsoft) is handling this security incident. Eleventy is not affected any more but lots of other tools in the JavaScript ecosystem are!
Hours later and the compromised package versions are still public…
Maybe don’t install anything from npm today, folks.