My ideal package manager design for a programming language:

Packages are downloaded over a P2P system, like BitTorrent or IPFS
The package manager runs as a daemon and seeds all downloaded packages
There is also a centralized site, which is a directory that maps packages to hashes/torrents; also has documentation and search
The site has an open API that other sites can replicate
Project files reference packages by both name/version and hash; the hashes remain valid even if the site goes down
The site has human moderation and handles detecting malware, spam, etc. and removing it
Package names always have a username prefix
The site's staff can choose to bless a package as the preferred implementation of some feature, giving it a non-prefixed name