baldur

Idle thought: most Open Source Software, certainly most OSS on npm, shouldn’t be OSS but should instead be educational resources: blog posts, online courses, video tutorials, etc. You’d both have fewer burned out OSS maintainers and fewer dependency exploits that way.

pimoore

@baldur My understanding is that NPM has had a terrible track record in terms of exploits, more so than other open source repositories.

toddgrotenhuis

@pimoore can confirm

baldur

@pimoore Yeah. Although I’m not sure how much of that can be attributed to npm’s design and how much of it is either its sheer size or bad habits in the JS/node community.

Or all of the above?

pimoore

@baldur Probably all of the above. It makes me wonder about the safety of any projects that rely on npm/node libraries, which seems to be a lot more as of late.
