>This guts any remaining trust I had in npm. Even if I wanted to trust them, they're not even admitting the problem exists; how am I meant to believe they're finally going to fix it? They've stopped even promising to fix this, and moved on to lies and denial.
The cold reality I'm realizing is: what are you going to do about it? If you have tens of thousands of lines of JavaScript written using dependencies from NPM, what is the next step?