The article is speaking to the multiple npm/pypi supply-chain attacks, attempts to hijack the trusted delivery chain. I will add that the Redhat compromise speaks to a need to improve elementary access controls. An organisations entire-code repo should not have been available to a single hijacked dev. Perhaps trust-validation and access-certification is something to add to suggested improvements. If nothing else increased friction will frustrate the npm attempted "worm".....

It sounds to me like the OP is complaining that his hammer won't work with every nail.

No tool is perfect and each has limitations.

Use each tool as appropriate and do not prescribe to purism over functionality.

Absolutely agree with this poster. I work in Academia in an Ivy League which purchases approx $10-15 million of Apple inventory a year. My main gripe is AppleCare. The Dell/HP/Lenovo systems bundle a 3 year warranty, Apple force you to license and purchase 3 year support separately and drive any price differential higher. On the other hand, xservers, xraid and xsan are definitely priced competitively with Dell/HP/Lenovo.

Furthermore, Apple Enterprise Software Licensing and Sales are outright incompetent. I purchased ARD2.5 one month before 3.0 shipped, Sales backflipped on my eligibility for a "free" upgrade and eventually i gave up chasing down their mandarins, almost as bad as IBM. Nutty scenarios like iLife only bundled with new machines and not with OS upgrades which are stuck with inferior iPhoto etc? Arrgh!

Apple should stick to the software business and not attempt to niche hardware costs attempting to compete with the marginally profitable Asian manufacturing. Apple cannot compete on the SMB tier.