I honestly wouldn't have a problem with them removing that option, and only
allowing packages to be removed by contacting support with a good reason.
(Accidental private info disclosure, copyright violation, severe security
No court is going to shed any tears over fact this has wider consequences than if you'd been able to comply with a narrower takedown request.
If you want to be your own provider then host your packages on your server(s) and tell your users to add npm.cooldev.me/packagename to their configuration.
If you don't want to host your own then you can choose from a few public providers like npmjs but then have to be subject to their guidelines, policies, and fees.
Throw in some automatic bittorrent support in the client to help offload costs and you've got something great.
Engineers often think that they are the first people in history to have thought "Hey, wouldn't it be easy to pull one over on the legal system?" This is, in fact, quite routine. The legal system interprets attempts to route around it as damage and responds to damage with overwhelming force.
+ the balance of hardships between allowing the conduct in question to continue vs. issuing the injunction;
+ whether the damage being caused by the conduct in question could be satisfactorily remedied by a payment of money as opposed to a mandate or a prohibition; and
+ (importantly) the public interest.
See, e.g., the Supreme Court's discussion of the four-factor test in eBay v. MercExchange, 547 U.S. 388 (2006), https://scholar.google.com/scholar_case?case=481934433895457...
"I've found a clever workaround for court orders" doesn't work around that bit.
Even when the former is actually impossible, a court could still punish for the latter. "Ha ha ha I use technology to cleverly show how futile your orders are" is not the kind of thing you want to say to a court with broad contempt powers.
If the safe harbor law protection doesn't apply, and the defendant is responsible for the illegal behavior, the defendant can absolutely be held legally liable and pay the legally-appropriate punishment.
> "So what you're saying is, your computers cannot possibly not continue damaging the plaintiff's interests." "That's correct."
> "You're being honest with me." "Yes, your Honor."
> "Will the computers continue harming the plaintiff's interests if shut off?" "No it wouldn't, your Honor.".....
And suddenly things like NPM can transfer the data to other machines, and those machines themselves can also provide to others. Deletions are impossible if people still want the content.
And IPFS guarantees that if a single node has the data, then any node can download it and also be part of the cloud that provides the data. Once it's out, it's impossible to retract.
In other words, Hulk Hogan vs Gawker.