The very concept of installing something that pulls in a ridiculous amount of unvetted npm dependencies likely rife with supply chain attacks makes my skin crawl.