npm is a security nightmare. seriously, who thought it was a good idea to let anyone publish packages with arbitrary code? i'm sticking to apt, at least i can audit what's going in my system.