Another one-line npm package breaks the JavaScript ecosystem An update to tiny "is-promise" library impacted millions of JavaScript projects. Written by Catalin Cimpanu, Contributor.