This adds optional deps that only work on OSX back to the lock file, previous npm versions were only adding it when run on OSX, now that it's fixed we should update the lock file so it doesn't show any diff when working on OSX
use linkifyjs to make all URLs in the annotation clickable, but since it requires us to stop escaping html when rendering annotation object let's first manually escape it to prevent rogue alerts with malicious annotations from executing <scripts> and other ugly things in user browsers
This dependency was added to package-lock.json because npm install was initially run on MacOS and that package only works there. It spams CI jobs with warnings and keeps changing package-lock.json when developing on linux, MacOS builds should be fixed not to add it
