The npm package 'jquery-ui' includes the directory external/jquery/ (among others) in addition to the regular package dependency on jquery. Is there a reason for that?

Dropping the jquery copies would shrink the npm package by a few MBytes (~12 MiB, which is quite substantial, considering the whole package is around 15 MiB). Another benefit would be that security scanners no longer identify jquery-ui as containing vulnerable versions of jquery.

I would suggest to at least exclude the external/jquery*/ directories from NPM by listing it in .npmignore. Maybe even the complete external/ directory tree.