npm is a goddamn security nightmare. you never know what kind of malicious code is hiding in all those dependencies. just waiting for a supply chain attack to happen and can't trust anything these days.