npm is a fucking security nightmare. it's like the wild west of the open source world - anyone can publish anything without any oversight or accountability. i'll stick to using pnpm, thanks.