According to WhiteSource, a leading open source security provider, npm, one of the most widely used JavaScript package managers, is a playground for malicious actors. Is it really that bad?
First, JavaScript is wildly popular. Love it or hate it, JavaScript, by Stack Overflow’s count, remains today’s most commonly used programming language. With more than 16 million developers worldwide relying on its speed, strong documentation, and interoperability with other programming languages, that won’t be changing soon.
But its popularity is a mixed blessing. Hackers are increasingly targeting JavaScript’s open-source package managers and package registries, the most widely used of which is npm, with more than 1.8 million active packages.