Hacker News

No, it's to mitigate the "leftpad"-style attack vector.



Then don't delete your lock-file and the vector doesn't exist?

Rolling your own package management solution because understanding the existing tools is too hard. That is peak "javascript sucks and I'm going to comment about it" energy lol.


I'm not fully clear what you mean by "don't delete lock file" when the problem is the open source developer decides to unpublish their npm package.
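The thread above is about what a lock file does and does not buy you against an unpublished package. As an added example (not part of the thread or of npm itself), the script below audits a constructed `package-lock.json` structure and checks a local tarball cache against the lock's `integrity` hashes. It shows the distinction the two commenters are circling: the lock pins a package's version and SRI hash, so a substituted or tampered tarball is caught as a mismatch, but if the registry no longer serves the tarball the lock can only report it as unavailable; keeping your own mirror or cache of the locked tarballs is what addresses that. The lock data, tarball bytes and the `registry.example.invalid` URL are constructed for the example.

```python
"""Audit an npm lockfile (v2/v3 'packages' layout) and verify an offline tarball cache against it.
Example code, not from the thread or from npm; the lockfile and tarball bytes are constructed."""
import base64
import hashlib


def compute_integrity(data: bytes) -> str:
    """Return an SRI-style 'sha512-<base64>' string, the format npm writes into package-lock.json."""
    digest = hashlib.sha512(data).digest()
    return "sha512-" + base64.b64encode(digest).decode("ascii")


# Constructed stand-in for a local tarball cache: package path -> tarball bytes.
SAMPLE_TARBALLS = {
    "node_modules/left-pad": b"constructed tarball bytes for left-pad 1.3.0",
}

# Constructed lockfile; the integrity value is derived from the constructed bytes above
# so the example is self-consistent and runs offline.
SAMPLE_LOCK = {
    "name": "example-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "example-app", "dependencies": {"left-pad": "1.3.0", "some-lib": "2.0.0"}},
        "node_modules/left-pad": {
            "version": "1.3.0",
            "resolved": "https://registry.example.invalid/left-pad/-/left-pad-1.3.0.tgz",
            "integrity": compute_integrity(SAMPLE_TARBALLS["node_modules/left-pad"]),
        },
        # Entry with no 'resolved'/'integrity': nothing pins what gets installed for it.
        "node_modules/some-lib": {"version": "2.0.0"},
    },
}


def find_unpinned(lock: dict) -> list[str]:
    """Return lock entries that lack 'resolved' or 'integrity' (the root entry '' is skipped)."""
    missing = []
    for path, entry in lock.get("packages", {}).items():
        if path == "":
            continue
        if "resolved" not in entry or "integrity" not in entry:
            missing.append(path)
    return sorted(missing)


def verify_cache(lock: dict, cache: dict[str, bytes]) -> dict[str, str]:
    """Classify each locked package against a local cache:
    'ok'          - cached bytes match the locked integrity hash
    'mismatch'    - cached bytes differ from what the lock pins (substitution/tampering)
    'unavailable' - lock pins a hash but no tarball is cached (e.g. unpublished upstream)
    'unpinned'    - lock carries no integrity hash, so nothing can be verified
    """
    report = {}
    for path, entry in lock.get("packages", {}).items():
        if path == "":
            continue
        integrity = entry.get("integrity")
        if not integrity:
            report[path] = "unpinned"
            continue
        data = cache.get(path)
        if data is None:
            report[path] = "unavailable"
            continue
        report[path] = "ok" if compute_integrity(data) == integrity else "mismatch"
    return report


if __name__ == "__main__":
    print("unpinned entries:", find_unpinned(SAMPLE_LOCK))
    print("with full cache:", verify_cache(SAMPLE_LOCK, SAMPLE_TARBALLS))
    # Simulate the upstream tarball disappearing: the lock still pins it, but cannot supply it.
    print("with empty cache:", verify_cache(SAMPLE_LOCK, {}))
    # Simulate a replaced tarball: the pinned hash catches it.
    print("with altered tarball:", verify_cache(SAMPLE_LOCK, {"node_modules/left-pad": b"altered"}))
```

Run it against a real lockfile by loading `package-lock.json` with `json.load` and pointing the cache dict at the tarballs you mirror; `find_unpinned` is the quick check that every dependency actually carries a hash before you rely on the lock at all.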





