Ars Technica

NPM package with 3 million weekly downloads had a severe vulnerability

This is a significant vulnerability, but the mechanisms required to use the exploit would indicate that a hostile intruder has already gained significant control. For example, if the intruder can ...
Ars Technica

NPM flooded with malicious packages downloaded more than 86,000 times

That it's an abbreviation is not really relevant here. It sort of stands for "node package manager" but that really doesn't tell you anything. It consists of a command line client, also called npm, ...