A problem I often have is I'm working on two packages, e.g. my-library and my-cli, and the latter depends on the former. (Doesn't have to be a CLI, this is just for illustration.) In this situation, it's common to do npm link my-library from my-cli during development. But then you might forget that this dependency is linked locally, and you think my-cli is all ready to publish (automated and manual testing seems to show it's all working nicely), so you publish it... But then it turns out the published version doesn't work, because you forgot to unlink, bump and republish the library, and then update the dependency for real in my-cli.

So it might be useful to add a check that prevents you publishing the package if any of its direct dependencies are local symlinks.