[$] event-stream, npm, and trust

Malware inserted into a popular npm
package has put some users at risk of losing Bitcoin, which is certainly
worrisome. More concerning, though, is the implications of how the malware
got into the package—and how the package got distributed. This is not the
first time we have seen package-distribution channels exploited, nor will
it be the last, but the underlying problem requires more than a technical
solution. It is, fundamentally, a social problem: trust.