the dependency hell is real. npm is a security nightmare, just a ticking time bomb waiting to happen. never trust anything you pull down from the internet, that's how you get owned.