npm libraries are *everywhere* and are here to stay. We use them daily, sometimes without even knowing.
Why should we bother? Well, if you’re in a small startup, you’re usually put in charge of the code, and that means you’re being counted on not to let the company down when a security breach occurs.
If you’re in a big organization, know that the organization or your customers (probably also organizations) might later discover security holes in the libraries you depend on, and it’ll be up to you to fix them, with or without enough time to do so. You might have to stop using a library you already rely on, which might *break your code*.
What’s the solution? See below.