This is exactly why distros decided to package pypi, npm and several other scripting package managers: just to make sure you don’t break dependencies.
Actually, with something like Fedora Hummingbird you can choose a different point of distribution, relying on human moderators instead of automated processes.
NPM is an unbootstrapped dumpster fire.
Well it does stand for Node Packaged Malware soooo
It takes like 2GB worth of dependencies just to install a single library.
Of course there’s always chainguard.
Node in general. Especially the core devs.