Advisories for Npm/Npm-Programmatic package

npm-programmatic is vulnerable to Command Injection. The packages and option properties are concatenated together without any validation and are used by the exec function directly.