npm can't even get package versioning right, how am I supposed to trust it with my project's dependencies?