And there are a number of vulnerabilities with those packages, which are not being fixed. I think NPM should remove any package that are not maintained or have severe (any?) vulnerabilities. IMO, we have too many packages,some restriction to publish will be good.