npm is a mess, can't we just have a flat dependency tree again like the good old days? Centralized package management is a security nightmare waiting to happen.