Comment on NPM Package With 56K Downloads Caught Stealing WhatsApp Messages

vithigar@lemmy.ca 1 day ago

There’s another alternative, which is manually adding libraries to your project yourself instead of doing it all automatically through a package manager.

Yes, it’s less convenient to download and import a package manually, especially if you need to do the same with a litany of dependencies, but I don’t feel like that’s a bad thing. Raising the barrier of entry for arbitrarily adding thousands of lines of other people’s code to your project would force people to think about how much of that they actually need.
