I recently started playing around with the idea of threat modeling packages on the npm ecosystem. Can an event-stream incident happen again? How about other supply chain attacks? What will be the next vector of attack that we haven’t seen yet and might it be entirely preventable? And then, one day I had a eureka! ? Let me show you how easy it is to introduce back doors that are easily missed by pr