Security issue with nvm path #2140
Description
Hi nvm collaborators!
I recently installed nvm on my MacBook and noticed something that caught my attention. When I inspected my $PATH variable I saw that the nvm bin folder is prepended to the current list like this:

```sh
> echo $PATH
/Users/androdriguez/.nvm/versions/node/v13.3.0/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin
```

I'm not a security expert, but as far as I know this setup opens the door to "sudo piggyback" attacks, in which a malicious script can insert a malicious sudo program into the nvm bin folder without any problem and thus replace the original sudo program located in /usr/bin in order to steal password information and other things.
I was wondering if this could be addressed by not prepending but appending the path to the end of the list, like this (as Flutter does, for example):

```sh
> echo $PATH
/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/Users/androdriguez/.nvm/versions/node/v13.3.0/bin
```

Or at least by changing the owner and group of the bin folder to root and wheel, so that admin credentials are requested any time someone tries to write to the folder:

```sh
> ls -al /Users/myuser/.nvm/versions/node/v13.3.0
total 320
drwxr-xr-x 9 myuser 313246183   288 Dec 16 18:01 .
drwxr-xr-x 3 myuser 313246183    96 Dec 16 18:01 ..
-rw-r--r-- 1 myuser 313246183 53571 Dec  3 09:46 CHANGELOG.md
-rw-r--r-- 1 myuser 313246183 77130 Dec  3 09:46 LICENSE
-rw-r--r-- 1 myuser 313246183 26337 Dec  3 09:46 README.md
drwxr-xr-x 5 root   wheel        160 Dec 26 18:57 bin
drwxr-xr-x 3 myuser 313246183    96 Dec  3 09:46 include
drwxr-xr-x 4 myuser 313246183   128 Dec  3 09:46 lib
drwxr-xr-x 5 myuser 313246183   160 Dec  3 09:46 share
```
Let me know your thoughts about this matter.
Best regards.
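The PATH-shadowing concern raised in the issue, as an added POSIX shell example that is not part of the report or of the nvm project. It audits a PATH string for user-writable directories that sit in front of the system directories, plants a harmless stand-in for the fake `sudo` in a directory the user owns, and shows that the prepended layout resolves `sudo` to the fake binary while the appended layout does not. Directory names such as `nvmbin`, the function names, and the throwaway fake script are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example, not nvm project code: audit PATH ordering and demonstrate
# how a user-writable directory in front of /usr/bin shadows "sudo".

# Print every entry of the given PATH string that the current user can write
# to and that appears before the first system directory. Anything listed here
# can host a look-alike binary that wins the lookup over the real one.
writable_dirs_before_system() {
    _rest="$1:"
    while [ -n "$_rest" ]; do
        _dir="${_rest%%:*}"
        _rest="${_rest#*:}"
        case "$_dir" in
            /usr/bin|/bin|/usr/sbin|/sbin) break ;;   # reached the system dirs
        esac
        # -d: the entry exists as a directory; -w: this user may create files in it
        if [ -d "$_dir" ] && [ -w "$_dir" ]; then
            printf '%s\n' "$_dir"
        fi
    done
}

# Drop a harmless stand-in for a shadowing binary into a user-owned directory.
# A real attacker's version would prompt for the password, store it, and then
# exec the genuine program so the victim notices nothing.
plant_fake_command() {
    _dir="$1"
    _cmd="$2"
    mkdir -p "$_dir"
    cat > "$_dir/$_cmd" <<'EOF'
#!/bin/sh
# Constructed stand-in: only reports that it was invoked, then fails closed.
printf 'shadowed %s invoked with: %s\n' "$0" "$*" >&2
exit 1
EOF
    chmod 755 "$_dir/$_cmd"
}

# Resolve a command name under an explicit PATH string, in a subshell so the
# caller's environment is left untouched.
resolve_under_path() {
    ( PATH="$1"; command -v "$2" )
}

# Demonstration on the current shell and on a throwaway "nvm bin" directory.
echo "user-writable directories ahead of the system directories in this shell:"
writable_dirs_before_system "$PATH"

demo_tmp=$(mktemp -d)
demo_bin="$demo_tmp/nvmbin"            # assumed stand-in for ~/.nvm/versions/node/<ver>/bin
plant_fake_command "$demo_bin" sudo
echo "prepended layout resolves sudo to: $(resolve_under_path "$demo_bin:/usr/local/bin:/usr/bin:/bin" sudo)"
echo "appended layout resolves sudo to:  $(resolve_under_path "/usr/local/bin:/usr/bin:/bin:$demo_bin" sudo)"
rm -rf "$demo_tmp"
```

The appended layout only helps if a real `sudo` exists earlier in PATH; the audit function is the more general check, since any writable directory listed ahead of `/usr/bin` lets a look-alike binary win regardless of which tool installed it.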