Okay I have a better expression of what I have in mind, I don't think I communicated it well before, my mind works differently than most and that results in communication problems, I am sorry.
https://github.com/AliceWonderMiscreations/ResourceManagerThat's a github where I am starting to flesh it out.
The basic concept is described there, I could retype it here but the Google Groups interface is hard for me to use, it does weird things, markdown is so much easier and github supports markdown.
What is there is a synopsis of what I am looking for that I believe would be of huge benefit to web application development as well as improve security by doing things like automatically generating integrity attribute etc. when checksum exists in the script configuration file.
With respect to NPM etc. I have used them and do not like them. Similar issues I have with Composer.
I think Composer is fantastic for development but I do not believe it is safe for deployment because it really is no different than static linking resulting in vulnerable code. Also there is very little oversight over what goes into packagist.
If I was a blackhat I would create Class A and then Class B that depends on A and then C that depends on B and then very useful D that depends on C.
Once D had sufficient install base, I just need to put my trojan in A and then soon the trojan would be deployed all over the world. It would be found eventually, but it is too easy to do, hence why I do not like Composer for deployment.
I don't mean to offend anyone, it's a fantastic tool for development.
The JavaScript managers have same issue and indeed it has happened with them before.