npm is a security nightmare. you never know what kind of malicious code is hiding in all those packages. i'm sticking with cargo.