I dunno. If you’re sloppy enough to install whatever dependencies onto your system, and not notice a new dependency, called “peacenotwar”, I’d say it’s your problem.
Doesn’t necessarily make it OK, but this will only affect the sloppy.
No one is going to audit the entire transitive closure of their dependency graph for every project they try out on their computer. This is not just going to affect the sloppy.
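Added example, not part of the thread: what "noticing a new dependency" takes in practice is a diff of the lockfile before and after an update, since the new package usually arrives transitively. The sketch below assumes npm's `package-lock.json` layout (lockfileVersion 2/3); the lockfile contents, `demo-app`, `example-ipc`, all version numbers and the function names are constructed for illustration.

```python
import json

def parse_lock(text):
    """Map package name -> locked versions and declared dependency names."""
    pkgs = {}
    for path, meta in json.loads(text).get("packages", {}).items():
        # Keys look like "node_modules/a/node_modules/b"; "" is the root project.
        name = path.rsplit("node_modules/", 1)[-1] or "<root>"
        entry = pkgs.setdefault(name, {"versions": set(), "deps": set()})
        entry["versions"].add(meta.get("version", "?"))
        entry["deps"].update(meta.get("dependencies", {}))
    return pkgs

def new_dependencies(old_text, new_text):
    """Report packages present only in the new lockfile and who declares them."""
    old, new = parse_lock(old_text), parse_lock(new_text)
    report = {}
    for name in sorted(set(new) - set(old)):
        pulled_by = sorted(p for p, e in new.items() if name in e["deps"])
        report[name] = {"versions": sorted(new[name]["versions"]),
                        "pulled_in_by": pulled_by}
    return report

# Constructed lockfiles: a patch bump of one direct dependency adds a new
# transitive package that the project's own package.json never mentions.
OLD_LOCK = json.dumps({"lockfileVersion": 3, "packages": {
    "": {"name": "demo-app", "version": "1.0.0",
         "dependencies": {"example-ipc": "^1.0.0"}},
    "node_modules/example-ipc": {"version": "1.0.0"},
}})
NEW_LOCK = json.dumps({"lockfileVersion": 3, "packages": {
    "": {"name": "demo-app", "version": "1.0.0",
         "dependencies": {"example-ipc": "^1.0.0"}},
    "node_modules/example-ipc": {"version": "1.0.1",
                                 "dependencies": {"peacenotwar": "^0.0.1"}},
    "node_modules/peacenotwar": {"version": "0.0.1"},
}})

if __name__ == "__main__":
    for name, info in new_dependencies(OLD_LOCK, NEW_LOCK).items():
        print(f"NEW {name} {info['versions']} via {info['pulled_in_by']}")
```

Run as a CI gate on lockfile changes, this flags the new name for review without anyone reading the full transitive closure by hand.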