Exploiting Developer Infrastructure Is Ridiculously Easy
Jarrod Overson

No, it’s not a problem with Open Source. It’s asinine to make such a statement. No, it’s not the fault of JavaScript (mostly anyway), but rather the greater JavaScript community, which seems to be majority populated with brand new and/or super-lazy developers who somehow are pushing code to production that they have no idea what it does. Why is this? Because there are 10 bazillion packages with layers of dependencies that make your head spin. Blaming Open Source for this is blaming the cake because kids are fat.