Guess it's time to reset the "Days since a massive load-bearing nodejs library got compromised and fitted with malware" calendar.

Why does this ONLY seem to happen to Node? Is my news flow biased or is it specifically an npm problem?