Yeah, but the azure supply chain attack explains why all of a sudden they can make this change.

It seems that if you want to get something important changed in npm, you simply need exploit some of its short comings against Microsoft instead of discussing why it’s necessary.