Hacker News
by marcus_holmes 2399 days ago
This. Am I really expected to review every change that 179 authors make to 242 packages?

And if I don't, am I responsible for the malicious code insertion, or is NPM going to take responsibility for that?

1 comments

You are responsible for malicious code insertion either way.

If you delegate trust in any way, you are responsible for how that trust was (mis)used.