It would be interesting to include a precommit hook (or similar) in the developer's local npm setup, that sends you what packages are needing to be installed for what commit. That way you're aware of package changes before they even push, and can preinstall them.
So if a user has the VSCode extension installed, we'd actually install them even earlier than a commit hook could, since we'd install packages as soon as they save the config file. :)
Edit: actually a git postcommit hook would be good. Then you could cache deps against a commit hash, and then load them as soon as you see that hash in origin git.
