While i'd prefer not to use NPM for this given their security track record over the past 24 months, it would seem that no other options exist that distributions currently package.
It looks like dart-sass tends to be the recommended solution for environments needing a 'saas' compatible tool, so if it becomes available we should switchover to that and dump npm.
To minimize the security risk posed by use of npm, i've fixated the version of 'saas' we use from NPM.

Ref D17154