Mitigating 'delete node_modules'
A solution to this problem would come down to having smaller dependency graphs and having more acceptance tests in packages that can manifest breaking changes on CI, but that's unfortunately not an overnight change considering the size of the ecosystem. Because of that, in Gestalt, we decided to defend ourselves against sources of non-determinism like that one. We did so by leveraging the bundling process through Rollup. I know this sounds weird if you are used to using bundlers to optimize the artifact that's served to the user, but believe me, it plays a crucial role in improving the experience for Gestalt users.
Our packages have their external dependencies as devDependencies*.* The versions are pinned through Gestalt's lock file. They are tree-shaked and bundled as part of the bundle of the package, and that's the bundle that we use for running our e2e tests, including in the NPM package that users install. If the bundle passes our e2e tests, it'll work as expected on the user side. We make exceptions for mature dependencies and have solid test suites because we have a higher trust in their usage of semantic versioning.
We've been using Rollup for bundling, and we couldn't be happier with it. It also helps transform CJS dependencies that we can't interoperate with because they don't follow the Node conventions. Here's an example of the configuration used for bundling the @gestaltjs/core package.
Every tiny detail can have a significant impact on the developers' experience. Therefore we can't embrace "delete node_modules" as it is what it is when there are strategies we can adopt to minimize it.