This exists to test dependabot security alerts for npm: prefixed aliased packages. Issue reported here: https://github.com/orgs/community/discussions/144181