JFrog says six malicious npm packages used hidden install-time execution, JSONKeeper fetches, and sandbox checks to enable remote access.
Since Github doesn't provide a great way for you to learn about new releases and features, don't just star the repo, join the mailing list. dsq will likely work on other platforms that Go is ported to ...
A tutorial with examples of various access and display types can be seen at crotwell.github.io/seisplotjs. Also see the wiki. Install with npm i --save seisplotjs.