by visarga 3595 days ago
> Absolutely anyone can create code, put it online and then have others use it fast.

And after 2 years remove or change it in a malicious way and break thousands of other packages and projects. Because it's absolutely anyone.

1 comment

That's a problem with all open source software though. Heartbleed comes to mind. This problem may be compounded a bit by the fact that npm has such a low barrier to entry due to its simplicity.

Though saying other open source software is secure due to a higher barrier to entry feels like security by obscurity. Particularly since that higher barrier is often not higher because it's insisted on being high quality tested code, but just because it involves greater complexity in actually submitting it to be distributed.