Completely agree the deeper discussions should be around packaging and lifecycle. This approach is focusing on developers bundling. But also, from the build/devops side, whatever you do, it’s madness to break builds instantly whenever third-party registries or devs change things. Last year we used a simple approach to cache entire builds reliably (without setting up local npm cache servers etc.). It’s possible something like that should be done in addition to bundling, and in any case provides a sort of operational safety net while the ecosystem is in flux.