npm is a security dumpster fire. it's like someone left hte door open at a hacker convention. if you value yr sanity and your servers, steer clear.