Re: "Open source is free to get, but I wouldn't say free to use"
"There is not one line of code in a production environment that should not be known and vetted."
You'll hate NPM then, as NPM is utterly full of dependency chains. Check out http://expressjs.com/ sometime. It's full of so many shit dependencies you'll never be able to get through vetting; it's just not realistic. I feel the article should have asked how security is enforced on these larger NPMs that are full of bloat and who has vetted them. That is far more important than who's using cgroups or not.
Also, I'll never understand why Node uses meta fields with NPM, is it hard to just read the release and license information (which you should be doing anyways)? If you really need a meta field to decide whether or not a software package will work, what does that say about what Node has impressed upon its users? Have you ever found someone who's like "FAST, we need a web server, DAMN! .. if only we could sort by meta !!!!"......... ?.
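One way to put a number on the "dependency chains you'll never get through vetting" point, as an added example that is not part of the original post: walk a package-lock's `packages` map, size each direct dependency's transitive closure, and flag members with no `license` field. The lockfile object is constructed inline for the demo (it is not express's real tree), and a flat, hoisted `node_modules/<name>` layout is assumed.

```javascript
// Added example: measure how much each direct dependency really pulls in,
// and which of those packages carry no license field in the lockfile.
// The lockfile below is constructed for the demo; it is NOT express's real tree.
const lock = {
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { dependencies: { express: "^4.0.0", lodash: "^4.0.0" } },
    "node_modules/express": { version: "4.0.0", license: "MIT",
      dependencies: { "body-parser": "*", debug: "*", qs: "*" } },
    "node_modules/body-parser": { version: "1.0.0", license: "MIT",
      dependencies: { debug: "*", qs: "*" } },
    "node_modules/debug": { version: "2.0.0", license: "MIT",
      dependencies: { ms: "*" } },
    "node_modules/ms": { version: "2.0.0" }, // constructed: no license field
    "node_modules/qs": { version: "6.0.0", license: "BSD-3-Clause" },
    "node_modules/lodash": { version: "4.0.0", license: "MIT" },
  },
};

// Assumption: flat (hoisted) layout, every package lives at node_modules/<name>.
function lookup(lock, name) {
  return lock.packages[`node_modules/${name}`];
}

// Collect every transitive dependency of `name`, including `name` itself.
function closure(lock, name, seen = new Set()) {
  if (seen.has(name)) return seen;
  seen.add(name);
  const entry = lookup(lock, name);
  for (const dep of Object.keys(entry?.dependencies ?? {})) closure(lock, dep, seen);
  return seen;
}

// Per direct dependency: size of its closure and the members lacking a license.
function vettingReport(lock) {
  const direct = Object.keys(lock.packages[""].dependencies ?? {});
  return direct.map((name) => {
    const members = [...closure(lock, name)];
    return {
      name,
      transitive: members.length - 1,
      unlicensed: members.filter((m) => !lookup(lock, m)?.license).sort(),
    };
  });
}

for (const row of vettingReport(lock)) {
  console.log(`${row.name}: ${row.transitive} transitive, unlicensed: ${row.unlicensed.join(", ") || "none"}`);
}
```

Point it at a real `package-lock.json` (lockfileVersion 2 or 3) via `JSON.parse(fs.readFileSync(...))` to see the actual closure sizes behind a project's handful of direct dependencies.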