@Gargron i think that's the "every modern app" way - it works, but i find it's like taking a comically sized mallet to a single nail codebase-wise

i still have to constantly field dependabot PRs for crap i made years ago because of the npm dependency hell. the horror, the horrorrrrrrr