by kabes 1661 days ago
Are Node apps getting way more hacked than say PHP or Java servers? Was his code any better?
2 comments

There are frequently posts on HN about NPM packages getting compromised.

Of the top 10 posts on HN about NPM in the past 30 days[1], 9 are about security problems, and the last 1 is about package spam.

[1] https://hn.algolia.com/?dateRange=pastMonth&page=0&prefix=fa...

Node apps tend to depend on a far, far wider pool of maintainers.

To illustrate: a new Ruby on Rails app has 1/10th the number of maintainers in its dependency list compared to a new create-react-app codebase.

A create-react-app app is not a Node app (it has a Node dev server, but it's a front-end JS app), so it's a weird thing to reach for to illustrate a point about Node apps.