Unless they're paying for NPM, my sympathy is limited. They should _really_ be putting Artifactory (or equivalent) between themselves and the public NPM registry. Or, at the very least, fallback package.jsons pointing to the source Github repos of each dependency. Anything at all so that npm install doesn't have a single point of failure.
