Great. Left-pad's evil twin finally arrived.
One of the reasons I've never liked the Node ecosystem is the ill-managed nature of NPM. 'The largest package system in the world' - sure, but it's a massive swamp of crap for the most part. I'd deliberately try to use the most minimal tools when bringing things into my projects - tape instead of ava for instance.
You'd not get this madness in, say, Perl. Or even Go. Is the culture to blame? Massive frontend frameworks? A failure to recognize what we owe to each other when we publish software?
It's a mixture of many things in my opinion.
Maintainers that aren't paid and get fed up at some point, carelessness, the absence of a vetting system or a network of trust, the absence of static security analysis, the absence of a standard library, the culture of writing small modules for everything (search the is true package).
There's a thread going around where a developer counted that the react starter kit installs 1700 packages. Most of them are transitive dependencies.
The package in question is a transitive dependency of transitive dependencies; most people don't even know it exists.
The graph of most packages, not just frameworks, is just stupid.