Remote code injection vulnerability wild in public npm package, plausible-sounding 'express-cookies' and its dependency 'getcookies'. >10K downloads during April.Vulnerable code: https://npm.runkit.com/getcookies/test/harness.js?t=1525249320108
https://www.npmjs.com/package/express-cookies