
Dependency hell
npm is as reliable as their website, I guess that was the joke you were making...
npm Inc, the company behind the Node.js package manager and command-line utility known by the same three letters, on Wednesday plans to make its developer collaboration tool known as Orgs free for open source projects. Those using npm to manage private packages still have to pay. "This lets us decouple the paid features from …
This is a noose around the neck of open source developers. Open source means you don't need someone's permission or their blessing -- if they get run over by a bus or turn into a fire-breathing dickface, your project survives because they can't cut away key sections of it. If Linus Torvalds tomorrow decided to set fire to Linux and tell people they had to pay him now to use Linux, people could simply say "Screw off" and continue on with what they have now.
That's the big benefit of open source, and all the package managers used, like github, rpm, dpkg, etc., etc., etc., all can be forked and new repositories established, should a dickface event occur. NPM offers no guarantees you won't invest in it, only to find out in a year they changed their mind and you have to pay now. And if you think that would never happen, I've got a bridge to sell you.
Steer clear, guys. It isn't worth it.