1/ Yes he did a mistake (with huge proportions), but you have to understand Dominic has 700+ packages and this one is just one more. Each package has several issues and comments.
- Attacker
- Original package author
- Devs who use unpinned versions
- npm and commitment to semver only
- Users/companies who don't donate but still demand