Its from 2014 so they can be somewhat excused but the proper answer is every dependency manager tool has since created the concept of a lock file so that builds are somewhat reproducible. We also got docker and CI/CD matured as well.
That doesn't solve the problem of the registry being slow or unavailable, of packages being pulled or subverted, or that sometimes you simply need a local patch.