So, npm 5.7.0 had a little bug:
By using sudo npm on a non-root user (root users do not have the same effect), filesystem permissions are being modified. For example, if I run sudo npm --help or sudo npm update -g, all commands starting with sudo npm cause my filesystem to change ownership of directories such as /etc, /usr, /boot, and other critical directories needed for running the system to the current user running the command.
If you were running npm 5.7.0 on a prod environment, it would have destroyed your server.
At that point, the only thing left for you to do would have been to look for your backups and replay those.
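To check whether a host was hit by the ownership change described in the bug report, you can walk the affected directories and list everything that is no longer owned by root. The script below is an added example, not code from npm or from the GitHub thread; the function names are hypothetical, and it assumes that /etc, /usr and /boot are normally owned by uid 0 throughout.

```python
import os
import stat
import sys
from collections import Counter

# Directories named in the bug report; assumed root-owned on a healthy host.
CRITICAL_ROOTS = ["/etc", "/usr", "/boot"]


def find_misowned(roots, expected_uid=0):
    """Yield (path, owner_uid) for every entry not owned by expected_uid."""
    for root in roots:
        try:
            root_dev = os.lstat(root).st_dev
        except OSError:
            continue                      # root missing or unreadable
        stack = [root]
        while stack:
            path = stack.pop()
            try:
                st = os.lstat(path)       # lstat: inspect the link, not its target
            except OSError:
                continue                  # entry vanished or is unreadable
            if st.st_dev != root_dev:
                continue                  # do not cross into other filesystems
            if st.st_uid != expected_uid:
                yield path, st.st_uid
            if stat.S_ISDIR(st.st_mode):
                try:
                    names = os.listdir(path)
                except OSError:
                    continue
                stack.extend(os.path.join(path, n) for n in names)


def summarize(findings):
    """Count mis-owned entries per uid; one uid owning most of them fits this bug."""
    return Counter(uid for _, uid in findings)


if __name__ == "__main__":
    hits = list(find_misowned(sys.argv[1:] or CRITICAL_ROOTS))
    for path, uid in hits[:20]:           # show a sample, not the whole tree
        print(f"uid={uid}\t{path}")
    for uid, count in summarize(hits).most_common():
        print(f"{count} entries owned by uid {uid}")
    sys.exit(1 if hits else 0)
```

A handful of hits owned by service accounts is normal on many distributions; thousands of entries all owned by the account that ran sudo npm is the pattern the report describes.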
But those minor details aside, just look at the GitHub thread and the resulting fail tweet.
This is not very professional.
But it is just npm...
And one user sums this up perfectly:
For those using npm on business production servers: If your stack needs node.js to function you may reconsider the core structure of it. There is no place for a toy language in large to mid-sized enterprises.