[edgyquant]

Hard disagree. Needing to follow the politics of every piece of your tech stack is a ridiculous way of doing things. We should have a system to verify if a module is malicious or not, that’s an engineering problem, politicking about in open source communities is not. Engineers should be engineering things.

[ocdtrekkie]

You can not engineer away human problems. I agree that's a ridiculous way of doing things, but it's the only reasonable way to use Node! Which is to say, I think Node is not a great tech stack if you do not want to follow drama.

Adding an antivirus scanner to your Node project is not going to fix this. It certainly hasn't solved the malware issue in the last few decades for PCs.

[edgyquant]

At the very least don’t task your principle engineer with solving human problems then. I stand by my initial comment that that is a waste of a good engineers time and mental health.