This chapter discusses the potential risks of running random code from npm and the trade-off between adding functionality to the web versus using it solely as a document viewer. It emphasizes that browsers generally do a good job of protecting users from compromise.
In this Supper Club episode of Syntax, Wes and Scott talk with Feross Aboukhadijeh about his work on Socket which helps to make sure the code you get from npm is safe and secure. They also touch on his work on Wormhole and Web Torrent.