npm.js - account qix and duckdb_admin compromised and associated CVEs allocated

https://db.gcve.eu/bundle/289697c2-61dc-410f-8343-aba0be87728d