All these supply chain attacks lately with npm, making me paranoid about using the ecosystem.