[SoonDead]

I'm interested why this is not the default behaviour. Would it break anything legit if npm would just simply switch to this behaviour? Are there any strong arguments against this?

I'm interested in use-cases where access to anything outside the current folder (the folder npm is called in) is justified and depended on.

[detaro]

How are packages with native dependencies build? Presumably that requires access to the compiler and libraries? (I don't know anything about npm works, so read those as real and not as rhetorical questions ;))