Hi,
Regarding the size of the bundled nodejs runtimes, it would surely help to reduce the used bandwith
But IMO your approach is wrong. Every npm build needs a nodejs runtime, right ?
If a CI/CD system drives frontend builds (including the Sonarqube analysis), it needs - and already has - a configured nodejs runtime environment.
Will you also start shipping a JRE and dll for mssql integrated authentication in the future !?
BTW that’s often wrong in the docs after releasing a new Sonarqube version 
just one example
Shipping a bundled nodejs runtime is well-intentioned, but overkill / causes problems.
How to implement “downloading only the target platform architecture”, guess you have to ship different editions of the sonar-javascript-plugin ?
Then you might also provide a variant without a bundled nodejs runtime.
The timeout of 5min comes from load balancers, this causes failed builds because of socket timeouts after a Sonarqube update when scanners have to download the new plugins.
Right now yes. No other tool transfers such big files.
Gilbert