npm is a security dumpster fire. how many times do we need to see critical packages get compromised before we learn? stop blindly trusting random code written by randos and actually vet your dependencies ffs.