[IggleSniggle]

Maaaaaaybe. But I don’t think so in practice. At least not yet. Would probably be good to see package.json evolve to allow specification of registry. In my personal experience of using a private npm registry, you pay a lot more attention to package-lock. package.json could probably evolve to specify registry in a similar way.

[judge2020]

Considering the npm corporation had layoffs[0], and how they haven't merged any PRs from outside sources in a while (this may have changed, but here's an example[1]), They might not be stoked to reduce the friction of linking to other package repositories from withing package.json.

0: https://hub.packtpub.com/surprise-npm-layoffs-raise-question...

1: https://github.com/npm/cli/pull/125#issuecomment-474127391