Hélène one day they might realise that the big deal they have is no node_modules and no package manager
desultory Shouldn't "Secure by default" be kind of expected, considering that it can trivially be done by only taking on permission as required, even at the level of a default configuration?
Tricky Afaik a bunch of security features are paid only for node; the package manager is owned by a for-profit, confusingly enough. I have no idea how anyone would ever make money out of a package manager of all things.