Does NPM work for you in the first place? Much less after 5 years? They’ll have gone through 2 major revisions on their lock file format, and it’ll complain you don’t have the exact version of node specified in your package.json

Oops, one of the dependencies is a C++ library that doesn't compile on your less-than-five-years old arch.

That only works if the project is constantly maintained. Otherwise it can and will break in time.

Ok, 50 packages have critical vulnerabilities now

And another 30 didn't use versioning correctly so they installed new dependencies of their own that broke things three levels deep. Yes, based on a true story.