can we just talk about how terrible it is that npm doesn't even care about keeping up with security vulnerabilities in outdated dependencies? like, i'm trying to build a project here, not host a playground for hackers