[u223344]

Ironically the same person who first reported this npm vulnerability used the wrong package name uglifyjs instead of uglify-js in an unrelated github project.

https://github.com/mishoo/UglifyJS2/issues/936#issuecomment-...

https://github.com/samccone/The-cost-of-transpiling-es2015-i...

Or perhaps was it a security experiment to see how long it took someone to notice.