Developers may be exposed to supply chain risks as a result of novel timing attacks uncovered against the registry API of the npm package…