Updates promised by npm, inc. are finally being delivered to increase the security of Node.js projects, addressing concerns that have built up over years of problems.
NPM's track record for security and corporate governance has been dicey. The infamous left-pad incident was prompted by npm, inc. acquiescing to demands from lawyers representing the messaging service Kik that an unrelated package be renamed. After the author of the package declined, npm, inc. reassigned the package to Kik, prompting the original author to unpublish every other package they owned, breaking downstream programs that required those packages, with some 575,000 dependents of the left-pad package affected.
Noted programmer David Gilbertson takes issue with importing third-party packages for obvious reasons, noting in a Medium essay that "we live in an age where people install npm packages like they're popping pain killers."
Last November, a hacker socially engineered their way into getting control of the event-stream package. That was leveraged by the malicious package maintainer to insert obfuscated code used to steal cryptocurrency wallet information. Baldwin previously characterized this to TechRepublic as a "cat and mouse game" which is "difficult when you have 100,000 mice out there."
From a corporate governance standpoint, npm, inc. has taken heat throughout most of 2019 for layoffs affecting five employees, following the formal announcement of new CEO Bryan Bogensberger, who has been accused of replacing existing staffers with people from a startup that Bogensberger exited.