Pay attention to your own digital security as you would if you were protecting millions of others. Malicious code found in npm package conventional-changelog.
In part 1 and part 2 of the '[ ________ ] is the Best Policy' series, we looked at how open source policies can quite often lead to the wrong type of behavior.
Over the past four years, Sonatype has surveyed open source development organizations, and year after year we find that developers have the best intentions.