Web developer in that ecosystem here.
Those are packages that might have elevated privileges when run in production or on a local development server; if granted admin privileges, they could run some malicious code from installed packages (or inner dependencies).
It is even more popular nowadays, with people running AI editors with almost full rights and companies not caring one bit about making the whole thing secure[1], so my attack surface is HUGE in comparison to yours.
It doesn’t mean that you’re fully safe, because any kind of software can be the target of a supply chain attack, if for example you use a .dmg or alike that got bundled with hard-to-detect malicious code in it.
But just like everything, you will need to install software on your machine (be it Linux or Mac); just consider updating your system often and maybe limit your apps to the strictly necessary if you feel the need for extra safety.
Also, consider checking the quality of what you install by inspecting the (assumed open) source code like here. If you’re not sure about a specific app, feel free to ask for a recommendation for, I don’t know… a video player.
TLDR: don’t worry too much since you’re not into IT yourself.
Ask for recommendations here and you should be safe.
Also, stores are not a silver bullet: they do let stuff through the cracks sometimes, plus you don’t have everything on the App Store to begin with.
[1] Why would they? It doesn’t bring money, you know.