i'm so sick of these constant dependencies and updates with npm. it's like every day there's a new vulnerability or bug that breaks my whole codebase. why can't these package maintainers just leave things alone?