FYI there is a massive cyberattack on NPM right now, package developers being attacked, nasty commits being added and published, tokens being stolen and used to corrupt more packages. The ecosystem is currently widely corrupted. We just got an advisory from the NZ government about it.