We have limited amount of time, adopting this idea would impact productivity of team for long term. Making your application multi-region with backups and security is more important than protecting against a black swan event that would have limited impact. Even if npm goes down, you might have at maximum few hours of disruption for deploying in CI. This is relatively minor compared to recent us-east outage.