Hacker News
by brabel 228 days ago
Hm... if you use something like Debian it's quite difficult to get your package installed in the distro. People do review everything that goes in. I find it incredibly silly to compare something like that to npm, where every kid has dozens of packages installed that anyone using npm can end up downloading and no one is really reviewing anything.
1 comment

I agree one is more difficult than the other, but I feel the principle is the same. Whilst anything is built using other modules, there is always risk those modules will be compromised.