npm's Security Crisis Is Real—And GitHub Isn't Fixing It Fast Enough
The maintainer of ESLint just laid bare what developers won't say publicly: npm—the backbone of JavaScript—is held together with duct tape and good intentions. And GitHub's recent security push? Not nearly enough.