I always try to be on the more secure side of things but there is a likely chance I would fall victim to this scenario too.

I use package managers when appropriate but I have seen first hand how a complete reliance on packages can cause some deep troubles.

I found this gem article on Medium that outlines a scenario where a very malicious code set is hidden in a seemingly well meaning npm package with virtually 0 traceability.

I just wanted to share it with you. Give it a read and see if you don’t have an “omg” moment like I did.

Happy Coding! 🤓

Leave a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.