npm update just broke my entire project because of one rogue dependency... why do we still not have a better way to manage this chaos?