I'd actually think stuff like that recent npm worm would be a bigger danger than whatever this mess is?