Open source package repositories face sustainability crisis

There should be more talk about keeping local copies of all dependencies and updating them once per organization as needed, and then all other CI/CD pulls from that local copy.