npm is a total shitshow. the amount of insecure dependencies and supply chain attacks waiting to happen is ridiculous. how is this the standard for js development?