Re: Just goes to show
>So you've checked every line of code in every application and all its dependencies? You've learnt how each and every bit of code interacts with every other bit of code in your entire production eco-system?
That's the point: NPM makes it fairly easy to introduce malicious code into _your_ codebase by hijacking some obscure package you are not even aware of. End-to-end code and security audit becomes very difficult too.