>> It absolutely should, just like any dependency on any other third party code or servers
There's no need to be scared of any of those things if you understand the trade-offs and risks.
>> Especially when they regularly have incidents like this.
They don't.
>> Simple fact is you should not be relying on ANY package registry at the time of deployment.
> This is true, but doesn't prove the previous claim.
The 'previous claim' follows from it. If you don't treat a package registry like an essential part of your own infrastructure, there's no need to be scared of it.
It absolutely should, just like any dependency on any other third party code or servers. Especially when they regularly have incidents like this.
> Simple fact is you should not be relying on ANY package registry at the time of deployment.
This is true, but doesn't prove the previous claim.