Can't wait for the first crypto-attack on a front-end JS library that's caused by a Go package vuln. God knows how `pnpm audit` will handle Go-module dependencies.

(I opened an issue against typescript-go to flag this https://github.com/microsoft/typescript-go/issues/2825 )