On Measuring JavaScript Vulnerabilities in the NPM Packages, Websites and Chrome Extensions