Every Fortune 500 company uses Node.js, the JavaScript package ecosystem built by millions of developers globally. Each of these third-party modules represents a security liability, says Jscrambler. Attackers can then inject malicious code downstream in the web supply chain, breaching multiple companies in a single go. In 2018, Web-based attacks cost companies $2.3 million on average, with the figure being $1.4 million for attacks achieved with malicious code. Management must have a say on this, raising the right questions on third party code security.”]
Source: https://www.darkreading.com/application-security/enterprise-web-security-risky-business