I have a smallish express/react project. Recently I audited the package.json to remove unused packages and I discovered that the project depends (and sub-depends) on 1101 packages. One of them is basic-ftp and I had no clue about it. npm why tells me that pubnub depends on it. I will be digging further into why notifications need to be delivered over ftp.

Run the following command at the root of your project to find out how many packages you have.

npm list -ap | sort | uniq
That's beyond ridiculous, as an ecosystem. There is zero means for a user of npm to audit packages end-to-end.

Is anyone attempting to improve upon this poisoned web of packages?