I didn't know that about the git hash. That's a good point! What I like about NPM is that they use JSON for defining the dependencies and that the packages are not installed globally by default. NPM and Bundler are different in some ways, but in general they both do a good job.