Hello,
Discovered an RCE vuln in Browserify <=4.2.0.
Maintainer patched upstream just 4 hours after responsible disclosure yesterday, now fixed as of 4.2.1.
Summary and POC found here: http://iops.io/blog/browserify-rce-vulnerability/
Cal