Popular npm library 'coa' was hijacked today with malicious code injected into it, ephemerally impacting React pipelines around the world. The 'coa' library, short for Command-Option-Argument, receives about 9 million weekly downloads on npm, and is used by almost 5 million open source repositories on GitHub.
Having a forced standard way of doing things is good for beginners, but the moment whatever entity controls that standard way screws up or no longer wants to keep developing it (cough Google cough), or you need to do something that they didn’t account for, it’ll be a shitshow.
Now, if that standard way was Libre, that would fix all of those issues. But then it wouldn’t be a “forced” standard way anymore.