npm is a security nightmare. you have no idea what shitty code is being added to your project with each dependency. supply chain attacks waiting to happen.