just spent the last hour debugging an issue that boiled down to a 0.0.1 version bump in some obscure dependency. can we please just freeze the entire npm registry for a year or two?