TL;DR: it's not a problem if you replace npm-cli tool with another capable tool.
It's basically about convenience. For example, if you've tried yarn (the Facebook's new thingy and npm-cli replacement), it messes up with your node_modules. If you try some npm modules themselves, they can do it too (for example: fix-dropbox-node_modules-symlinks).
Having your module version numbers in package.json, now that's the real deal. What does npm-cli offer:
- keeps track of versions and updates stuff for you,
- takes note of what's a prod dependency, what's a dev dependency, peer dep etc,
- allows for cross-platform stuff.
There's more stuff, but these are, I think, the most important points.
The way I see it, only the last thing might bite you hard, but let's go over those points.
1. Versions and updates
Like I've said, yarn does package version management. Bower does it too. Many tools do, even Sublime or WebStorm can do it for you. The thing is, pick a good thing that you can repeat in production environment and on every dev's workstation, and you're probably ok. If your tool can also update package.json, you're golden - even people who don't use your tooling can probably repeat your steps (or run your one-liner install/setup/config script).
As for updates - if you're "manually" (or by other tool than npm-cli) updating a package version, but still plan to ship without node_modules, you might lose the correct package version. If your other tool is automated, you can simply reuse package.json or something like that, but if you're getting a new module by actually downloading it and saving into node_modules/, you might forget to update your package management.
So, unless you ship node_modules/ directory with all your code, this might be a problem. Again, tools like yarn can update on their own, so no issue.
2. Dev, prod, test, peer etc dependencies
Ah, basically the same. If your replacement tool supports this, no risks. If it doesn't, the risk is again that prod doesn't get a critical module or that devs work with different versions of modules or simply that your git repository is huge and checkout and deployment takes forever.
3. Binary modules
Say you're installing redis and hiredis. hiredis is a binary package. If you drop in your own version manually, and you're actually shipping the node_modules/ folder, your colleague might be using a mac or windows (guess what I'm using :P), so it won't work for them.
But again, tool that takes care of it, takes the pain away.