Ah yes the incredibly common practice of... checks notes backporting security packages in node packages.