4

npm has to be the single worst package manager on the planet... Trusting devs to use semantic versioning properly and forcing devs to trust authors of dependencies to use it properly is nothing short of insane. The package-lock that is "supposed to be version controlled" causes *constant* merge conflicts. Using shrinkwrap in its place is borderline useless because it Doesn't. Lock. High. Level. Dependencies.

I don't know who designed this, but I want to give them a very bad day for every hour I've spent trying to lock versions correctly on a live project.

Not to mention requiring root by default to install things that can just run whatever they want is ludicrous.
