It's almost as if the tech community has to learn once again that centralized systems with a trusted authority at the top can't be trusted when that trusted authority makes mistakes.
It's kind of unbelievable that NPM is a for-profit company that serves the node community for free. You can't possibly expect them to make the right choices when the community isn't who they are directly responsible to. NPM should be a nonprofit foundation, a co-op, or some other organization that has its operations funded by the community and has elected positions.
Their lack of financial or other interests in the community directly explains their policies.
I've been using it a bit, and it's really nice. Yarn (and the npm command line tool) already provide nice methods to install packages from arbitrary locations, including git repos; this provides a nice mechanism for publishing to git repos. It's a super simple solution, but then, it's not really a hard problem.
Distributed systems. Mirrors. Tools that are agnostic about sources for packages.
There's no reason that we must have a single, centralised package repository for a language, with the dominant tool chain for that language relying on it by default.
nix (pkg manager). Can give you an insane amount of control of how your project builds, especially if you use nixos, but with great power comes great responsibility XD.