i swear, is it just me or does npm always install dependencies with vulnerabilities? why can't they just work with the latest version of everything?