npm is a security nightmare. one supply chain attack waiting to happen. never trust user input, that shit will fuck you up every time.