by vkjv 4081 days ago
This is indeed a great way to shim, but in case any readers aren't aware of the limitations:

* NPM is unable to keep track of the version. This means no semver and that `npm install` re-installs the module every time.
* Git sub-modules do not work. This can sometimes be a deal breaker.
* This requires either your username and password or private key to install. This gets especially messy if you are trying to do some type of CI build (e.g., build a docker container) and don't want your keys to leak into the build artifact.


I would say more correctly that NPM doesn't keep track of the version, not that it isn't able to. Many git tags are version numbers, NPM just doesn't parse them.
PHP's Composer does this properly, so it's surprising that NPM doesn't.
Not really. Nobody would need private modules if it did, and they need some monetization strategy.
I would say tying language's main package installer capability to monetary need of the company hurts how I will node/npm as a stable platform.

Imagine if RubyGem/PythonPackage/NuGet goes with this strategy.