[jeroenhd]

I never got why people were so mad at the guy behind left-pad. The entire incident showcases the sheer lunacy behind common web frameworks, and the power and control they sacrificed for the ease of use of external dependencies. If your day is ruined because some random guy you've never heard of on the other side of the world got an angry letter from lawyers, maybe take a look at the house of cards your product is based on rather than lay down blame.

left-pad will happen again. Maybe not on NPM, but on crates.io/pypi/Google's go proxy. All it takes is for a developer to join the ICC and piss of Trump and suddenly the code is impossible to find on any of the standard repositories. Even Go will have issues because despite the Github references, all the standard go traffic still goes through Google. Or even worse, someone fights back against a recent invasion and uploads a virus that wipes the drive of whatever locale they're targeting.