Npm being a bleeding mess with security flaws introduced by their own hostile policies against open source devs