What happened when the npm owner decided to remove some packages? Why would you trust one npm owner than the package author? Can't you just cache the package if you need cache?
I mean when Registry owner (i.e joyent or node org) removes your package for various reasons. Not to mention that private packages are a pain(i.e you need to spin up your own registry)