Lazy Web Developers Could End the World

Does your web development project use Node.js? What dependencies are you using? Are you a lazy developer? You could be putting your clients and your company at risk.

Here’s the thing.

The packages used in Node.js are all developed by individual developers and made publicly available out of the kindness of their hearts. What if one of those developers was a hacker looking for a way to get into computers all around the world?

All they would need to do is write a popular npm package and get it deployed to thousands of projects. Then, in a seemingly minor update, add their malware to the package.

Hey presto! 
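A "seemingly minor update" reaches a project through the version ranges in its package.json. The following added example (not from the original post; the package names and the manifest are constructed) classifies each dependency range by how much of a new release it would accept without anyone editing the file.

```javascript
// Added example, not from the original post. Package names are made up and
// the manifest is constructed sample data.
const sampleManifest = {
  dependencies: {
    "example-left-padder": "^1.2.3", // any 1.x.y at or above 1.2.3
    "example-logger": "~2.0.1",      // any 2.0.y at or above 2.0.1
    "example-http": "3.1.4",         // exactly this release
    "example-utils": "*",            // any release at all
  },
  devDependencies: {
    "example-bundler": "latest",
    "example-linter": ">=4.0.0",
    "example-fork": "github:example-org/example-fork",
  },
};

const EXACT = /^=?v?\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/;
const NON_REGISTRY = /^(git[+:@]|github:|https?:|file:)|^[\w.-]+\/[\w.-]+(#.+)?$/;
const CARET_TILDE = /^([\^~])v?(\d+)(?:\.(\d+))?(?:\.(\d+))?$/;

// Returns what kind of newer release the range accepts automatically:
// "pinned", "patch", "minor", "wide" (unbounded or not analysed) or "non-registry".
function classifyRange(range) {
  const r = String(range).trim();
  if (EXACT.test(r)) return "pinned";
  if (NON_REGISTRY.test(r)) return "non-registry"; // git/URL/path: review by hand
  const m = CARET_TILDE.exec(r);
  if (!m) return "wide"; // *, latest, >=, x-ranges, anything unrecognised
  const [, op, major, minor, patch] = m;
  if (op === "~") return minor === undefined ? "minor" : "patch";
  // Caret holds the leftmost non-zero component fixed.
  if (major !== "0" || minor === undefined) return "minor";
  if (minor !== "0" || patch === undefined) return "patch";
  return "pinned"; // ^0.0.3 matches only 0.0.3
}

// Lists every dependency whose range is not an exact version.
function auditManifest(manifest) {
  const findings = [];
  for (const section of ["dependencies", "devDependencies", "optionalDependencies"]) {
    for (const [name, range] of Object.entries(manifest[section] || {})) {
      const kind = classifyRange(range);
      if (kind !== "pinned") findings.push({ section, name, range, kind });
    }
  }
  return findings;
}

console.table(auditManifest(sampleManifest));
```

An exact version in package.json covers only direct dependencies; the dependencies of those packages are fixed by a committed package-lock.json installed with `npm ci`.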

For more on this particular potential problem, read the article by Casper Beyer on Medium.