You can clone with
HTTPS or Subversion.
at least if they're completely different underlying repos
My interpretation of this issue is this: if npm can recognize that its dependency is upon a git repository, then there's no need to check the npm registry to find out what versions are available - the source of truth for that is the git repository.
If that interpretation is correct, it seems it's redundant with #5151.
That seems plausible. Closing as a duplicate of #5151.