
If anyone needs placating, it's those developers, managers and executives who pushed hard for the use of Node.js in business settings, not expecting a serious security incident like this one to happen.

For those who are especially serious about their careers, reputations, budgets and power, incidents like this involving the technologies they hyped and pushed through can be disastrous. Now they're seen as being very wrong about something very important, and this in turn makes them extremely angry.

They know that their competitors within the business will use this incident against them. Their next initiative will surely face comments like, "Why should we listen to you after the npm disaster?", and they will face a much harder battle if their decision involves any controversy or doubt at all.



Every technology is going to have an "incident" like this. Experienced developers expect security "incidents". There are quite a few managers and executives who do not understand security and don't. And many people who will use this sort of "incident" politically. Politics is the problem there, not the technology.

Just because they found one significant security issue with npm does not mean they were "very wrong" about using Node. It's just a reality of security with any technology.

This isn't a disaster, this is a demonstration of maturity, responsibility and transparency.


PROTIP: if you're so serious about your 'career' and 'power', maybe you should stop 'hyping' and 'pushing through' this week's hot tech toy you read about on HN and Reddit, and start building something worthwhile yourself. That way, you won't have to bet your precious career on some dude on the internet you never met before to not screw up. What a concept!



