If you are a JS developer you probably use npm multiple times a day without thinking about it. It’s the default package manager that ships with Node.
Node’s npm carries over 210,000 packages from over 60,000 contributors. This wealth of open source functionality is awesome, but it also carries risk: every dependency you install runs a stranger’s code inside your application, with the same privileges as your own. Do you know which packages you’re running, including the transitive ones your direct dependencies pull in? Do you know if their authors understand or care about security? Do you know if they have known vulnerabilities?