It would be one thing if it was _just_ a little demo utility used to showcase packaging and distribution of a trivial use case, however the creator of this has also created a number of packages which pull in these "demo" packages, like `handlebar-helpers`, which is again just these trivial function packages wrapped in handlebar decorators.
Several of these utility and helper packages are then pulled into other packages and build tools and marketed as legitimate packages, effectively hiding and masking the "just a demo" labels of the root is-even, is-odd, is-number packages. When people like myself complain about the absurdity of NPM supply chain verification, this is what we're arguing against.
Several of these utility and helper packages are then pulled into other packages and build tools and marketed as legitimate packages, effectively hiding and masking the "just a demo" labels of the root is-even, is-odd, is-number packages. When people like myself complain about the absurdity of NPM supply chain verification, this is what we're arguing against.