and then it runs out of home directory and slurps up your secrets.

its completely asinine to install npm globals these days, especially one that is such a juicy supply chain attack target