Seriously, who thought it was a good idea to have a package manager that can just silently install arbitrary code from the internet with one freaking command?