To be fair, lots of random people (myself included) `npm install`'ing things they don't understand but seem to do the trick has generally been a good thing.
Or, at least there's been far fewer incidents of that blind trust spectacularly blowing up than the pitchfork mobs about to come after this comment might lead you to expect. Perhaps you might say that npm users at least understand the risks we take on when we do it, but I still don't think most npm users give it all that much thought...
Or, at least there's been far fewer incidents of that blind trust spectacularly blowing up than the pitchfork mobs about to come after this comment might lead you to expect. Perhaps you might say that npm users at least understand the risks we take on when we do it, but I still don't think most npm users give it all that much thought...