I always try to be on the more secure side of things but there is a likely chance I would fall victim to this scenario too.
I use package managers when appropriate, but I have seen first-hand how a complete reliance on packages can cause some deep troubles.
I found this gem of an article on Medium that outlines a scenario where a very malicious code set is hidden in a seemingly well-meaning npm package with virtually 0 traceability.
I just wanted to share it with you. Give it a read and see if you don’t have an “omg” moment like I did.
Happy Coding! 🤓