npm is a security dumpster fire. seriously, how many supply chain attacks do we need before people stop trusting random packages? stop downloading every damn package you see and actually vet what you're using.