I only do npm install in a docker container where the project and npm cache is mounted. Gives me a bit of security regarding attacks through post install scripts. (--no-scripts is not an option since I need some of them)
Adding a shameless plug here: Aegis is available on f-droid and allows you to backup your 2FA secrets on your own server (e.g. own nextcloud) in case you don't trust the default Google authenticator.
Time based one time passwords. Those (usually) six digit codes which get replaced every 30 seconds or so. During setup you copied the secret to your device (usually smartphone) and now your device and the server you authenticate at can calculate the same secret code every thirty seconds.
It's true, humans fighting humans just to reclaim borders from some point in the history. A country cheers on autocratic behavior of their leader. The planet itself is dying because humanity consumes more resources to than it can restore. The universe would do us a favor if the heat death happens sooner than prognosed.
Advocates of vibe coding say that it allows even amateur programmers to produce software without the extensive training and skills required for software engineering.
Now if you replace some words you see how absolutely bonkers the idea in general is:
Advocates of aircraft autopilots say that it allows even amateur pilots to fly large airplanes without the extensive training and skills required for commercial pilots.
That's why I start my dangerous queries with a broken first word like ELETE FROM table... and do a proofread before adding the D. Saves you from annoying mistakes either by stupidity or fat fingering the enter key.
Based on your post history and behavior I would hope they don't learn it from you in your current state.