npm is a fucking mess. every time i install a new package, i end up with 500 dependencies waiting to be exploited. supply chain attacks are inevitable with this shit system.