[xtrumanx]

Another option is Sinopia (https://www.npmjs.com/package/sinopia) which is a private npm repository server. After installing it, you'll have to change the npm registry url to your new private server and any npm requests (install, update, etc.) will go through your private server and fallback onto the official server if a package is unavailable.

[STRML]

Sinopia is great. It is a good idea to run your own npm repository anyway; not only do you have some protection from tampered packages (in combination with shrinkwrap), but you can also publish your own minor bugfix updates and private packages, without having to rely on GitHub URLs.

You're also insulated from npm and GitHub downtime - win-win-win.