The really scary thing is probably the malicious npm dependencies. If I think about the projects at work with and all the different packages and the hundreds of dependencies no one knows. And it’s probably even worse in really big companies like Microsoft or Facebook, they probably got thousands across their products. I hope for us all that they scan them very regularly.