great, now attackers can also target all the libraries to enable all that complexity in npm too.