the npm is a mess. every project has like 10 dependencies that all rely on each other. it's impossible to keep track of all the security vulnerabilities. just write your own code ffs.