Yes, i think recreating an npm kind of central place for your project dependencies seems almost required if you want to avoid depending on a different version of a lib in each file of your project.

I cannot understand the benefit of this scheme honestly. I would have preferred they fix something npm is lacking, like adding the ability to sign packages

If the goal is to get rid of NPM, why would you add another one in the future?

The goal is not to eliminate npm, but to decouple it from the runtime itself