npm is a never-ending nightmare, how did we go from "i just wanna write some js" to "okay first install 3000 dependencies and hope none of them have critical vulnerabilities