NPM allows for code to be executed while you install the package which is different from maven or nuget and allows for easy exploitation paths
This is the winner. Combine that with a vastly bigger group of inexperienced developers (and I’m willing to die on that hill), and you have a lot of people running node / npm as an admin / root user, who have close to zero idea what they are doing, hitting their project with third party dependencies left and right for no particular reason (left-pad, is-number, ansi console and similar useless crap), and then your dependency management allows for code execution. Also, from my personal feeling, it seems that npm simply cannot properly audit the packages due to the sheer mass. From a technical standpoint it’s close to trivial to put your malware onto npm, and then you just need to get someone to install your package, which is way simpler than in other package managers
Isn’t Ubuntu Pro basically just an extended support for a set of universe packages for their LTS versions and free for private use?
How is making enterprises pay for extended LTS because of corporate no-update-just-insert-coin mentalities even remotely close to ransomware?
Like I get everyone who doesn’t like Ubuntu for various reasons, but this sounds completely dumb to me.