Reply to post:

Check your repos... Crypto-coin-stealing code sneaks into fairly popular NPM lib (2m downloads per week)

Adam 1

Web of Trust, you mean that plugin that was caught with its fingers in the cookie jar a few years back? Maybe not.

Also, I wouldn't be so quick to assume that the new maintainer had a clue that this malware had been introduced. It is of course possible that s/he was in cahoots with the other account, but with the way that NPM works, half the web can break because some random dev throws their toys out of the cot. Leaving aside the question as to whether his actions were justified, it showed that thousands (and that is a generously small number) of projects find themselves with unrealised dependencies.

This is both the greatest strength and Achilles heel of npm.
