@lrvick So basically there are no signature checks on packages on npm?

Why am I not surprised?