@fallenhitokiri, at best npm should be categorized as malware. All companies should start categorizing npm and AI as "insider threats".
@chanakya @fallenhitokiri NPM is getting all the attention currently but I don’t think any other language ecosystems are doing much better. People need to be taking more responsibility for vetting dependencies they pull in.
@chanakya @fallenhitokiri the current setup is roughly equivalent to “I needed a feature so I outsourced it to a random person on the internet and then didn’t do any code review” which would get funny looks if you said it about your application code but is apparently fine for database drivers.