Oh shit I see. I think the joke is that you only get some of the security updates if you pay for ubuntu pro. Ransom as in “Be a shame if you were insecure there little buddy, we can help with that. For a price”
Yeah I don’t know enough about that personally to make a judgment
Yeah don’t worry about it too much. Ensure you have the correct name when installing your library but that’s about all you can do personally.
Any other solution will have some security flaws. NPM has a few more than it should but essentially the entire web is built around it. Sorry man, you don’t have any other choices.
How to use it properly? Any npm tutorial will show you quickly. Always check you’ve got the right thing, always check the library is large enough that if something goes wrong it’ll be noticed, and know there’s no way to be completely safe without never using libraries.
If you’re learning the web though there’s no way to avoid npm.