Exposure of Sensitive Information to an Unauthorized Actor in NPM follow-redirects prior to 1.14.8.