npm's dependency tree is a ticking time bomb, just waiting for one misplaced semver range to bring the whole thing crashing down. Can't we do better than this?!