seldoI keep telling people basic facts about JavaScript's level of adoption and popularity and they still keep being surprised. I realize you lot are bored of me repeating myself but there are still tons of people who just have no idea how big a deal JS has become.
Big companies aren't so much under-investing in JavaScript as ignoring it completely. 1500-module dependency trees completely break existing corporate compliance and security policies that require individual inspection and approval, so dev teams are just *not telling anybody*.
11% of downloads from npm have a critical known vulnerability so pretending JS isn't happening is going to lead to a major security incident at a big company really quite soon. This will hurt JavaScript in general, not just that company.
This isn't an unsolved problem. We have been working on a solution for 5 years and it's really good now. We can help you. Obviously this helps npm make money but it is also going to help JavaScript in general. We can't just keep cowboying this shit forever and hoping it's okay.
I hope you buy a solution from us but if you don't, buy a solution from *somebody*, for the love of god. I use your products and I need you to take this seriously.