Bandwagon.fm is a great project, but unfortunately, ActivityPub/Federation is not yet reliably implemented and has too many bugs.
For example, if you follow a Pixelfed account and then unfollow, the follow remains on Pixelfed!
In my opinion, the ActivityPub part of bandwagon.fm is unfortunately not yet production-ready and should be tested and fixed more thoroughly.
You can use pnpm instead of npm. pnpm has a "Delay dependency updates" feature where you can install package versions that are x old only.
See https://pnpm.io/supply-chain-security#delay-dependency-updates
Edit: I just found out that this can also be specified in npm and yarn: https://gist.github.com/mcollina/b294a6c39ee700d24073c0e5a4e93104
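To make the "delay dependency updates" idea concrete, here is an added example (not code from the thread, from pnpm, or from the linked gist) of the selection rule such a gate applies: given a package's publish timestamps in the shape `npm view <pkg> time --json` returns, pick the newest version that has been on the registry for at least a minimum age. pnpm expresses this as the `minimumReleaseAge` setting (in minutes) described in the linked docs; the function names, the `exclude` allowlist and the sample timestamps below are constructed for illustration and are not pnpm's implementation.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of `npm view <pkg> time --json`:
# version -> publish timestamp. The "created"/"modified" keys are
# registry metadata, not versions, and must be skipped.
SAMPLE_TIME_MAP = {
    "created": "2024-01-01T00:00:00.000Z",
    "modified": "2025-06-10T12:00:00.000Z",
    "1.0.0": "2024-01-01T00:00:00.000Z",
    "1.1.0": "2025-03-01T00:00:00.000Z",
    "1.1.1": "2025-06-09T18:00:00.000Z",   # 18h before NOW: too fresh for a 24h gate
    "1.1.2": "2025-06-10T12:00:00.000Z",   # published at NOW: too fresh for any gate > 0
    "2.0.0-beta.1": "2025-01-01T00:00:00.000Z",  # pre-release, never auto-selected
}

# Constructed fixed "now" so the example is deterministic offline.
NOW = datetime(2025, 6, 10, 12, 0, tzinfo=timezone.utc)

METADATA_KEYS = {"created", "modified"}


def parse_version(version):
    """Order versions numerically (major, minor, patch); pre-releases are filtered out earlier."""
    return tuple(int(part) for part in version.split("."))


def eligible_versions(time_map, minimum_age_minutes, now=None):
    """Return all release versions published at or before now - minimum_age, oldest first."""
    now = now or datetime.now(timezone.utc)
    cutoff = now - timedelta(minutes=minimum_age_minutes)
    out = []
    for version, published in time_map.items():
        if version in METADATA_KEYS or "-" in version:
            continue  # skip metadata and pre-release tags
        ts = datetime.fromisoformat(published.replace("Z", "+00:00"))
        if ts <= cutoff:
            out.append(version)
    return sorted(out, key=parse_version)


def select_version(package, time_map, minimum_age_minutes, now=None, exclude=()):
    """Newest version that passes the age gate, or None if nothing is old enough.

    `exclude` (hypothetical allowlist) names packages that bypass the gate,
    e.g. to pull a security fix immediately; it mirrors the idea of an
    exclusion list but is not pnpm's option syntax.
    """
    age = 0 if package in exclude else minimum_age_minutes
    candidates = eligible_versions(time_map, age, now)
    return candidates[-1] if candidates else None


if __name__ == "__main__":
    # With a 24h gate only 1.1.0 and older qualify; without it, 1.1.2 is chosen.
    print(select_version("left-pad-like", SAMPLE_TIME_MAP, 1440, NOW))
    print(select_version("left-pad-like", SAMPLE_TIME_MAP, 1440, NOW, exclude={"left-pad-like"}))
```

The gate only buys time: a compromised version that nobody reports within the window passes once it ages past the cutoff, so the delay should sit alongside lockfiles and provenance checks rather than replace them, and any exclusion list deserves the same review as the lockfile itself.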