I agree with your conclusion; fork and build from source if you want to be in full control. That’s the power of distributed Git repositories; nobody can tamper with your clone. Nobody is hindering you from doing this.

Most users prefer smooth experiences over tin-foil hattery, though. People want “Appleish” experiences. That’s why I provide binaries and that’s why the project has become such a hit. This was an issue back in 2016 as well, but I made the decision to ignore the very few tin-hatters in order to reach a wider audience. It was a good decision.

However the NPM history lesson is nothing but retold speculations and made up sensationalism. There is an answer I wrote more than a year ago, and today things are following that plan with more and more moving over to the new code base.

You can read the actual reasoning here, instead of speculations: https://www.reddit.com/r/node/comments/97kn8r/the_uws_npm_deprecation_response/?utm_source=amp&utm_medium=&utm_content=post_body

Take care now, and I hope you enjoy the open source code I have written and made available for free. You are free to use alternatives if they better solve your problems.