[$] event-stream, npm, and trust

Malware inserted into a popular npmpackage has put some users at risk of losing Bitcoin, which is certainlyworrisome. More concerning, though, is the implications of how the malwaregot into the package-and how the package got distributed. This is not thefirst time we have seen package-distribution channels exploited, nor willit be the last, but the underlying problem requires more than a technicalsolution. It is, fundamentally, a social problem: trust.