Thanks! I am convinced now; I will learn how to create reproducible builds.
My worry is that the build is run through npm, and I think that the dependencies rely on additional dependencies such as OpenSSL libraries, and I worry that it will be a lot of work to figure out what every dependency is and how to make sure that the correct versions can be installed 10 years from now. So it does look like a difficult project, but I will read more about it and hopefully it is not as complicated as it looks!