It still blows my mind that anyone trusts npm after this whole incident.