Would it be possible to package React?

Since Fedora tends to have pretty solid security practices, would it be possible for Fedora to package React? NPM has been victim to a few attacks at this point which makes it hard for me to trust. I would prefer to only use distro packages but hardly no one is packaging Reactjs.