It is unbelievable how much surface area npm has to compromise web software and how poorly it is still secured and run. It is constantly stressful to have Node code in production.
This library isn’t exactly leftpad or whatever that ridiculously simple and ridiculously popular library was, but this user agent parser doesn’t really seem necessary imo. We’ve got to question our dependencies, and if it’s something trivial like this I wouldn’t want it in my codebase.
