"Hundreds of malicious packages [so obscure that almost no one installed them] found on <package registry>" really is the new way for security companies to score some cheap PR, huh

Meanwhile it instills a lot of (unjustified) fear of package registries into a lot of developers, even though the "security issue" essentially boils down to "someone let their dog crap in the community garden" and the attack vector doesn't scale to anything that people actually use

@joepie91 The security of the implied alternative, namely "copy and paste from random gists and stackoverflow answers," never seems to be discussed in such PR. Funny, that.
