I think the time has come for Titanium and Alloy to start using npm as a package manager when installing commonjs packages from npm. Right now it is sort of possible with a work-around. You can run npm with --prefix or change to the lib or vendor directory and run npm install from there.
What I propose is actually pretty simple. Just install stuff in the root directory (the one that contains tiapp.xml) of the project.
If I want lodash installed, I will simply run npm install lodash in the root directory.
All Titanium has to do then is look at all the installed packages listed under dependencies from the package.json in the root directory and copy them to the vendor/node_modules directory. Titanium should skip any dependencies that are also listed under devDependencies.
This would be a HUGE win that could help align Titanium and Alloy with the standards for installing commonjs packages.