Use a blacklist for bad packages

This addresses the primary concern in https://github.com/jsdelivr/jsdelivr/issues/13136

modules/client/components/About.md

@@ -41,6 +41,10 @@ The goal of npmcdn is to provide a hassle-free CDN for npm package authors. It's
 
 npmcdn is not affiliated with or supported by npm, Inc. in any way. Please do not contact npm for help with npmcdn.
 
+### Abuse
+
+npmcdn blacklists some packages to prevent abuse. If you find a malicious package on npm, please take a moment to add it to [our blacklist](https://github.com/mjackson/npmcdn/blob/master/PackageBlacklist.json)!
+
 ### Feedback
 
 If you think this is useful, I'd love to hear from you. Please reach out to [@mjackson](https://twitter.com/mjackson) with any questions/concerns.

modules/server/ServerConfig.js

@@ -14,3 +14,4 @@ export const bowerBundle = process.env.BOWER_BUNDLE || '/bower.zip'
 export const redirectTTL = process.env.REDIRECT_TTL || 500
 export const autoIndex = !process.env.DISABLE_INDEX
 export const redisURL = process.env.REDIS_URL
+export const blacklist = require('../../PackageBlacklist')