A high severity vulnerability has been found in a widely used npm package "socket.io" with over 4M weekly downloads.