Should I still use npm? If so, should I adopt specific practices in my package.json, etc?
Should I be considering some other package manager?
-- I just made that up.
(but we actually do, in fact, do all of that for our major dependencies like upstream OS's, build deps, GitHub repos, cm, etc.)
if you don't have anyone on your team that knows how ......... well, you should probably fix that.
- All developers on a project are in sync.
- You can get the repo back into a good state if npm choked.
- You can go back in time to a prior version with all of its actual dependencies at that point in time.
1 - https://news.ycombinator.com/item?id=11354147
If third party modules are hosted on GitHub, you can fork them.