why do so many devs still use npm? it's a malware playground just waiting to ruin your project. anyone else tired of playing dependency roulette?