There is no doubt, you have probably used npm in your project at least once. npm helps us with finding, installing and updating various project dep...
For further actions, you may consider blocking this person and/or reporting abuse
Great post summing up all the points for decision making :)
Just want to add one more point:
Version Compatibility
Sometimes we also need to check if the package and the dependencies will not conflict with our project dependencies versions.
Thank you. I have included your comment in the article.
Very useful, thanks!