In the news (again): Package managers and shared libraries on CDNs being hijacked by darkside hackers.
Me for the last fifteen years: Package managers are evil. Only use libraries you vet and manage yourself. If you are compiling binaries, avoid dynamic linking and static link only to code compiled from source; no library obj files.
Me for the last ten years: NPM is especially evil and the reliance on it for everything Node.js related means you should avoid Node as well.
Rusted Neuron is a Mastodon Instance operated by Jack William Bell