Popular npm library 'coa' was hijacked today with malicious code injected into it, ephemerally impacting React pipelines around the world. The 'coa' library, short for Command-Option-Argument, receives about 9 million weekly downloads on npm, and is used by almost 5 million open source repositories on GitHub.
damn, that must have sucked 😬, although there’s a weird sense of security in only having to know and use a single set of tools and being able to solely rely on those 🤷♀️
but I’m glad we have open source tools now :)
Having a forced standard way of doing things is good for beginners, but the moment whatever entity controls that standard way screws up or no longer wants to keep developing it cough Google cough, or you need to do something that they didn’t account for, it’ll be a shitshow.