Re: This whole debacle mirrors Gamergate
For client side JS, competent devs compile it into a bundle anyway and load it server side. Everyone wants you to use their CDN for some reason though.
The node package manager (npm), though, is abominable and incredibly easy to break.
I also think it's bullshit that the npm maintainer re-published his packages - if they give him the ability to unpublish his work, they are giving him the agency to do so at his choice. Someone could publish a new left-pad that does much of what his script does instead. Then he could sue them for trademark infringement and create a constitutional crisis.