another day, another npm dependency security vulnerability. when will these package maintainers learn to properly vet their code? it's ridiculous how many apps are one weak dependency away from getting hacked. i'm sick of having to audit my entire project just to stay secure.