Intro

Okay developers, time to have a serious talk. As you are probably already aware, this week React, Babel, and a bunch of other high-profile packages on NPM broke. The reason they broke is rather astounding:

A simple NPM package called left-pad that was a dependency of their code.

left-pad, at the time of writing this, has 11 stars on GitHub . The entire package is 11 simple lines that implement a basic left-pad string function . In case those links ever die, here is the entire code of the left-pad package: