Company
Date Published
Author
Liran Tal
Word count
944
Language
English
Hacker News points
1

Summary

The npm registry, one of the largest open-source package repositories, hosts over 960,000 packages, more than 250,000 of which were added in 2018 alone. Few developers, however, know how many of these packages are connected to each other, or what percentage have no dependencies or dependents at all. Research by K. Vaidya et al. found that only 28% of npm packages have no dependencies or dependents, contradicting the perception of a convoluted web of package connections. The study also found that the average depth of a package dependency chain on npm is around 4.39 packages, and that 61% of packages on npm did not publish a release in the last 12 months, indicating potentially "abandoned" packages. Even so, cumulative download counts for many of these abandoned packages approach billions. The study concludes by recommending improvements to package repositories and package managers to address security concerns, such as alerting users about typosquatting attacks.