[tacticus]

Which won't stop it happening with a package manager either.

Even immutable repos are going to have fun with DMCAs.

[jayflux]

npm hosted the packages so acted like a cache, the same didn’t happen when people deleted repos

[thefounder]

What happened when the npm owner decided to remove some packages? Why would you trust one npm owner than the package author? Can't you just cache the package if you need cache?

[jayflux]

> What happened when the npm owner decided to remove some packages?

They can’t, at least not older packages, I believe they need to contact NPM if they wish to unpublish packages. https://docs.npmjs.com/cli/unpublish

[thefounder]

I mean when Registry owner (i.e joyent or node org) removes your package for various reasons. Not to mention that private packages are a pain(i.e you need to spin up your own registry)