Oh sure, there are plenty of flaws in those packages though not even one in ten are anything to worry about

For the past few years, the security of JavaScript software packages available through the Node Package Manager, or npm, has been the subject of skepticism as a result of blunders, brouhahas, and tepid countermeasures.…

The text above is a summary, you can read full article here.