npm has become a single point of failure for the entire web - one vulnerable package and your entire project is at risk, meanwhile the fed is still debating whether inflation is a problem