And right on cue...

A malicious NPM package has been identified and removed. Again.

As a follow-up to the commentary in the previous article, here is a timely reminder that not only can security errors be introduced accidentally into code of any sort, but there are also people out there who think it is OK to introduce them deliberately. In this case, the package tried to ride the coattails of another popular package in the hope that people wouldn't look too closely.

It's worth stating again that, in spite of the view of some that the openness of Open Source is the problem, it is in fact that openness that allowed the security industry to detect and correct this particular problem in such a timely manner.

Give me that over proprietary software 'Security through Obscurity' any day!!