Is it generally bad from a privacy perspective to use npm/python-pip to install software? Whatever privacy issues they had in the past, have they been resolved or do they have possibly more or still open and serious privacy issues with their software?
Refs  and  might provide some answers.
Not privacy but security. No I don’t think they’ve been resolved