Yes, you read that right. I’m taking some time and migrating from my family Bitwarden account to a new, single, shared single account. Why? Because the UI for having a shared organization/family is obnoxious, difficult to explain to non-technical people, and ultimately useless for our (collective) use-case.
Ultimately it seems like just another piece of the Open Source pie being consumed by corporations. While NPM is a handy tool for development in Node, I’m sure this change of ownership will prompt an exodus, as the GitHub acquisition did before it.
When it does, we’ll all be the better for it. More diverse sources allow for less single points of failure or control. I wouldn’t be surprised if the popular distributed git-forge idea spawns into a distributed NPM-analog.
Update: It was pointed out to me that there is, in fact, an alternate package repo tool/project tool: Yarn. I’m not a Node developer, but I am extremely happy that it exists and can be a stand-in for NPM.
Plugin vulnerabilities are not a new thing. The only novel thing about this one is the number of affected sites. It’d be like Askimet having a major remote control exploit. You can mitigate these issues by making sure your plugins are up-to-date. WordPress is not particularly hard to manage. There are lots of plugins and services that make it brainless (shoutout: Jetpack). So, this should be a non-issue.