all these dependencies are a security nightmare. never know when the next supply chain attack is coming. i'm so done with npm, it's a total shitshow.