I agree, but although companies like npm / yarn review the packages, it does not mean that they are safe, and cases like Event-Stream demonstrate that malicious code can be injected. The community is very attentive and detects this type of insertion, but it is a much bigger problem that does not depend on the execution environments, but on how we depend on third-party software.