npm e all the node ecosystem is a hell of a liability

i'm slowly searching for a more secure and healthier approach