by drkraken 3678 days ago
It does not depend on Node.js.

Xeon just adds the ability to use npm as your package manager; why use tools like bpkg or something else if you can use a great environment that is trusted by thousands of people?

The Xeon bundle should be made at the dev step; you should not bundle it on a real server, etc., where you use this script.

1 comments

Because thousands of people place their trust poorly.
Do you have any specific complaints with npm?
Reliance on transport security instead of providing cryptographic verification of code is my biggest beef, very closely followed by what is essentially a nonexistent reputation system (or, in lieu of a code reputation system, a curated selection of packages).