There's only two kind of technologies.

The ones that most people use and some people complain about, and the ones that nobody uses and people keep advocating for.

This a common refrain on HN, frequently used to dismiss what may be perfectly legitimate concerns.

It also ignores the central question of whether NPM is more vulnerable to these attacks than other package managers, and should therefore be considered an unreasonable security risk.