Use a blacklist for bad packages

This addresses the primary concern in https://github.com/jsdelivr/jsdelivr/issues/13136

PackageBlacklist.json

@@ -0,0 +1,3 @@
+{
+  "goodjsproject": true
+}

modules/client/components/About.md

@@ -41,6 +41,10 @@ The goal of npmcdn is to provide a hassle-free CDN for npm package authors. It's
 
 npmcdn is not affiliated with or supported by npm, Inc. in any way. Please do not contact npm for help with npmcdn.
 
+### Abuse
+
+npmcdn blacklists some packages to prevent abuse. If you find a malicious package on npm, please take a moment to add it to [our blacklist](https://github.com/mjackson/npmcdn/blob/master/PackageBlacklist.json)!
+
 ### Feedback
 
 If you think this is useful, I'd love to hear from you. Please reach out to [@mjackson](https://twitter.com/mjackson) with any questions/concerns.

modules/server/ServerConfig.js

@@ -14,3 +14,4 @@ export const bowerBundle = process.env.BOWER_BUNDLE || '/bower.zip'
 export const redirectTTL = process.env.REDIRECT_TTL || 500
 export const autoIndex = !process.env.DISABLE_INDEX
 export const redisURL = process.env.REDIS_URL
+export const blacklist = require('../../PackageBlacklist')

package.json

@@ -36,7 +36,7 @@
     "json-loader": "^0.5.4",
     "markdown-loader": "^0.1.7",
     "morgan": "^1.7.0",
-    "npm-http-server": "^3.4.0",
+    "npm-http-server": "^3.6.0",
     "on-finished": "^2.3.0",
     "postcss-loader": "^0.9.1",
     "react": "^15.1.0",