Hacker News

I_am_tiberius yesterday at 11:02 AM (3 replies)

I guess you should never use the latest versions of libraries.


Replies

kaelwd yesterday at 11:05 AM

Everyone needs to switch to pnpm and enable https://pnpm.io/settings#minimumreleaseage

Pnpm also blocks preinstall scripts by default.

Ygg2 yesterday at 11:05 AM

But you also need the latest versions to avoid zero-day attacks.

sublinear yesterday at 11:04 AM

Not sure if you're serious, but if so I agree that people should take the time to set up their own package mirrors. Not just for npm but all other package managers as well.

This is why it's so important to get to know what you're actually building instead of just "vibing" all the time. Before all the AI slop of this decade we just called it being responsible.
