It looks like NPM is now being used to serve advertisements to our terminals. Since I do not consent to seeing these advertisements on my machine, its only fair to the package maintainer that I also do not install their library onto my system. While I would never install the package directly - its quite likely to get pulled indirectly as a dependency of another library.
As far as I can figure, there is no way for me to blacklist an entire package from my system. It would be nice if it were possible.