Require packages to be downloaded >= 100x/day

This should make it more difficult for people who are publishing
malicious packages to npm to get them on the CDN.

server/NPMAPI.js

@@ -0,0 +1,17 @@
+require('isomorphic-fetch')
+
+const NPMAPIURL = 'https://api.npmjs.org'
+
+function getJSON(path) {
+  return fetch(`${NPMAPIURL}${path}`, {
+    headers: {
+      Accept: 'application/json'
+    }
+  }).then(function (res) {
+    return res.status === 404 ? null : res.json()
+  })
+}
+
+module.exports = {
+  getJSON
+}