Your point is well-taken. Broken deploys are just the extreme case. You'd run into the same problem if two devs on the team just happened to install libraries at different times. One would get it, one would not. And you don't get a remotely helpful error message in that case. So, you're back to mirroring or vendoring everything you need anyway. Arguably that's better, but why even bother with a centralized package management system at all then?
