Apparently PHP core was hacked on their git server and malicious code was comitted to the PHP interpreter.
NPM’s had a few packages compromised, maybe Deno has the right idea about about security, if you use packages…
I personally just go through packages and try to understand how it works, what I need from it and then try and replicate it.
Its pretty crazy that an entire language that what? 60% of the web runs off, was compromised even for day or 2.